Twitter Bug May Have Exposed Millions of DMs

Published: 23/11/2024   Category: security




The year-long bug could have compromised interactions between customers and businesses, the social media firm reports.



Twitter has confirmed a bug in its account activity API (AAAPI) primarily affecting direct messages and interactions with companies that use the platform for customer service.
AAAPI is an API designed to let registered developers build tools to facilitate communication between businesses and customers via Twitter. Under specific circumstances, if a user chatted with a company on Twitter, and that company relied on a developer that used AAAPI to enable the chat, their DMs or protected tweets may have gone to another developer, Sophos reports.
The bug ran from May 2017 to September 10, 2018, when it was detected and addressed within hours of its discovery, Twitter says in a statement. The bug affected less than 1% of users, and the company immediately released a fix to prevent data from going to the wrong developers.
Based on its initial analysis, Twitter says a complex series of technical circumstances had to occur at the same time for this bug to have led to account data being shared with the wrong source. For example, two or more registered developers would have had to have active AAAPI subscriptions configured for domains that resolved to the same public IP.
Twitter is contacting account holders affected by this bug via in-app notifications and on twitter.com. It has also contacted developer partners to ensure they are complying with obligations to delete data they shouldn't have, and it states that anyone who mistakenly received the wrong information is part of its developer program, which was recently expanded.