Error in Twitter may have sent private messages to companies to other developers

Due to an error in a Twitter API, a number of private messages from some users may have been made available to third party developers. The error was in the Account Activity API (AAAPI), which allows developers to create services for companies to communicate with customers.

The error has been present since May 2017. On 10 September this year, the error was discovered and within a few hours resolved, reports The Verge. Less than one percent of users were affected by the error, but that could still be 3 million people. Twitter has 335 million active users.

AAAPI is used by developers when they create services for companies that want to communicate with customers. As an example, the social medium gives a private message to an airline that uses a developer account to access the affected API.

Error

“If you have been in contact with an account or company on Twitter that used a developer using AAAPI to deliver the services, the bug may have caused some of these interactions to have been inadvertently sent to another developer,” said the platform.

“If your company has given a developer using AAAPI permission to access your account, the error may have affected your activity data. Such private messages to and from companies may contain sensitive information about customers. For example, it could be an address if information is requested from PostNL.

Twitter claims not to have found any evidence that private messages have been sent to the wrong party, but cannot say with complete certainty that this has indeed not happened. Before a message was sent to the wrong party, a “complex set of technical conditions” was required.

The social medium contacts affected users via its mobile app and website. It also works with developers to ensure that people who have received unauthorized information delete it.