A bug in Twitter Account Activity API exposed users messages to wrong developers

September 24, 2018

A bug in Twitter Account Activity API has exposed some users’ direct messages (DMs) and protected tweets to unauthorized third-party app developers.

“We recently published a notice about a bug related to our Account Activity API that could have resulted in data being delivered to the wrong registered developer.” reads a security advisory published by Twitter.

“As part of our ongoing investigation, we have already emailed all developers who may have been impacted, and want to provide some additional details to potentially affected developers here.”

Read More on Security Affairs