Twitter discovered a bug in Account Activity API exposing data

Brink

Brink

Administrator
Staff member
Local time
6:54 AM
Messages
74,819
Location
Oklahoma
We recently discovered a bug in our Account Activity API (AAAPI). This API allows registered developers to build tools to better support businesses and their communications with customers on Twitter. If you interacted with an account or business on Twitter that relied on a developer using the AAAPI to provide their services, the bug may have caused some of these interactions to be unintentionally sent to another registered developer. In some cases this may have included certain Direct Messages or protected Tweets, for example a Direct Message with an airline that had authorized an AAAPI developer. Similarly, if your business authorized a developer using the AAAPI to access your account, the bug may have impacted your activity data in error.

It is important to note that based on our initial analysis, a complex series of technical circumstances had to occur at the same time for this bug to have resulted in account information definitively being shared with the wrong source. More here.

Key updates:

  • The bug ran from May 2017 and within hours of discovering it on September 10, 2018, we shipped a fix to prevent data from being unintentionally sent to the incorrect developer.
  • The bug affected less than 1% of people on Twitter.
  • Any party that may have received unintended information was a developer registered through our developer program, which we have significantly expanded in recent months to prevent abuse and misuse of data.
What’s next?

  • If your account was affected by this bug, we will contact you directly through an in-app notice and on twitter.com.
  • We have contacted our developer partners and are working with them to ensure that they are complying with their obligations to delete information they should not have.
  • Our investigation is ongoing. We will continue to provide updates with any relevant information.
We’re very sorry this happened. We recognize and appreciate the trust you place in us, and are committed to earning that trust every day. For more on our updated API policies and how to monitor the apps you are using on Twitter, see here and here.
Click to expand...


Source: Fixing a bug in our Account Activity API



 

My Computer My Computer

Computer type
PC/Desktop
Computer Manufacturer/Model Number
Self built custom
OS
64-bit Windows 11 Pro for Workstations
CPU
Intel i7-8700K OC'd to 5 GHz
Motherboard
ASUS ROG Maximus XI Formula Z390
Memory
64 GB (4x16GB) G.SKILL TridentZ RGB DDR4 3600 MHz
Graphics Card(s)
ASUS ROG-STRIX-GTX1080TI-O11G-GAMING
Sound Card
Integrated
Monitor(s) Displays
2 x Samsung Odyssey G7 27"
Screen Resolution
2560x1440
Hard Drives
1TB Samsung 990 PRO M.2,
4TB Samsung 990 PRO PRO M.2,
TerraMaster F8 SSD Plus NAS
PSU
Seasonic Prime Titanium 850W
Case
Thermaltake Core P3
Cooling
Corsair Hydro H115i
Keyboard
Logitech wireless K800
Mouse
Logitech MX Master 4
Internet Speed
2 Gb/s Download and 100 Mb/s Upload
Antivirus
Malwarebyte Anti-Malware Premium
Browser
Google Chrome
Other Info
Logitech Z625 speaker system,
Logitech BRIO 4K Pro webcam,
HP Color LaserJet Pro MFP M477fdn,
APC SMART-UPS RT 1000 XL - SURT1000XLI,
Galaxy S23 Plus phone
You must log in or register to reply here.
Back
Top