The security and privacy issues with APIs and third-party app developers are not something only Facebook is dealing with.

A bug in Twitter’s API inadvertently exposed some users’ direct messages (DMs) and protected tweets to unauthorised third-party app developers who weren’t supposed to get them, Twitter disclosed in its Developer Blog on Friday.

The Twitter AAAPI bug was present for more than a year—from May 2017 until September 10—when the microblogging platform discovered the issue and patched it “within hours of discovering it.”

In other words, the bug was active on the platform for almost 16 months.

What Happened?

Twitter found a bug in its Account Activity API (AAAPI), which is used by registered developers to build tools to support business communications with their customers, and the bug could have exposed those customers’ interactions.
