Twitter Fixes Privacy Bug That Affected 93,000 Users

Twitter has said it fixed a bug in its systems that affected the privacy of more than 93,000 accounts for several months.

The issue affected protected accounts, whose messages are under normal circumstances only visible to “followers” approved by the user, according to Bob Lord, Twitter’s director of information security. In the case of 93,788 of these accounts, non-approved followers were able to receive protected tweets via SMS or push notifications, Lord said.

Apology

The bug had been in effect since November 2013, Lord said.

While the number of users is small compared with Twitter’s more than 240 million active users per month, Lord said the company was taking the issue seriously.

“This should not have happened,” Lord said in a blog post on Sunday. “We’ve emailed each of these affected users to let them know about this bug and extend our whole-hearted apologies.”

The unapproved follows have been removed, and Twitter said it has “taken steps” to prevent a similar situation from recurring.

The bug was discovered and reported to Twitter by a “white hat” security researcher, according to Lord.

Ongoing security problems

The event follows a false alarm earlier this month, when a system error resulted in Twitter sending thousands of messages to users, telling them, erroneously, that their accounts had been compromised.

A real security breach last year resulted in the passwords and usernames of 250,000 users being stolen, along with emails and other data, while in August a hacker leaked the details of more than 15,000 Twitter accounts, which had apparently been stored by third-party applications.

Twitter accounts have also become a popular target for activist organisations such as the Syrian Electronic Army (SEA), with major organisations including Microsoft, Thomson Reuters, CNN, the Guardian and others seeing their Twitter accounts compromised in recent months.

Such incidents have led Twitter to introduce a number of improvements to its security and authentication systems. In 2012 Twitter enabled the secure HTTPS protocol for its users by default.

In February Twitter posted its first earnings report since it went public last November, showing improving financials but slowing growth in the company’s user base. The company revealed it has 241 million monthly active users, with 48 billion views of Twitter timelines recorded in the last three months.

Matthew Broersma

Matt Broersma is a long-standing tech freelancer who has worked for Ziff-Davis, ZDnet and other leading publications.
