On Friday, Twitter began alerting some users that their direct messages or protected tweets may have been sent to Twitter developers who were not authorized to receive them due to a bug identified nearly two weeks ago. The company says it identified the bug on Monday, September 10.
What happened? In a developer notice posted Friday, Twitter said it found a bug in its Account Activity API, which allows registered developers to build tools to support business communications with customers. The company says the bug only affected user communications with business accounts.
In a message to users, the company said one or more of their direct messages or protected tweets to Twitter developers due to the bug, which had persisted since May 2017.
Mashable reporter Karissa Bell tweeted the notice she received from Twitter Friday afternoon. Twitter sid fixed the issue immediately and continues to investigate the issue, but does not believe the information was mishandled
“Our investigation into this issue is ongoing, but presently we have no reason to believe that any data sent to unauthorized developers was misused,” Twitter said in the message.
How many users were affected? In a follow-up blog post, Twitter said it affected less than 1 percent of users. It is notifying any affected users with the notice shown above.
Further, it said, “Any party that may have received unintended information was a developer registered through our developer program, which we have significantly expanded in recent months to prevent abuse and misuse of data.”
Why does this matter to marketers? Many businesses use Twitter direct messages in their sales and customer service functions to communicate with customers and prospects. Though this appears to have affected a small percentage of users, it’s yet another flag (even if a small one) for marketers that rely on services like Twitter as part of their marketing stack. Over the past year, Twitter has focsused on improving the “health” of its platform, in part by shoring up third-party developer access. Ealier this month, Twitter tightened developer access to its APIs and restricted the number of actions third-party apps can perform each day.