Some Twitter users recently got a message saying their direct messages or protected tweets may have accidentally been sent to developers “who were not authorized to receive them.”
Twitter said that the issue affected 1% of users and required a very specific set of circumstances to happen. Additionally, Twitter said it had no evidence any developers actually did receive any messages they were not intended to, but said it couldn’t rule out the possibility that it happened either. However, users voiced concern that the bug was found Sept. 10 and were only notified beginning Friday.
The fact that this is the second security breach this year didn’t help matters, either.
Earlier this year, Twitter said it mistakenly saved users passwords in plaintext in an internal log that was used by staff and asked users to change their passwords. On top of that, Twitter is also still receiving heat after many users were found locked out of their accounts. Twitter said the action was taken against users who were under 13 or whose birthdays showed they may have been under 13 when they signed up for the service.
More details on the conditions needed for the problem to occur can be found in its blog post on the issue.