Twitter disclosed this week that a bug in its “Account Activity API” may have been at fault for sending some people’s direct messages to Twitter developers. As noted by CNET, Twitter has located and resolved the bug, and says it is “very sorry this happened.”
The Account Activity API allows developers to build tools that help businesses communicate with customers. Twitter says that users who interacted with accounts or businesses that used the AAAPI are the ones affected by this issue.
What this means is that if you interacted with a company via direct message on Twitter for something like customer support, it’s possible that your messages were sent to the wrong recipient. Twitter says, however, that thus far it has not found any instance where data was sent to the wrong party, but that it can’t “conclusively confirm” it didn’t happen:
Developers use our APIs to create tools, like customer service support, or apps to better understand public conversations. We found and fixed a bug that affected less than 1% of people on Twitter in an API that may have shared certain account interactions.
We haven’t found an instance where data was sent to the incorrect party. But we can’t conclusively confirm it didn’t happen, so we’re telling potentially impacted people about the bug. If you were potentially involved, we’ll contact you today. We’re sorry that this happened.
Twitter has been displaying a pop up notification to those users affected by the bug. The message explains that the bug “may have sent one or more your direct messages or protected tweets” to Twitter developers. Further, Twitter says the issue has persisted since May 2017.
Sorry, what ?! My DMs may have been sent to developers for a more than a year?? pic.twitter.com/0ry6pyZIdI
— Karissa Bell (@karissabe) September 21, 2018
All in all, Twitter says that its investigation is “ongoing” and that it will continue to provide updates.