Twitter bug allowed unapproved access to protected accounts

The bug affected account holders who wanted to keep their tweets private but were vulnerable to unapproved users accessing their tweets.
By Ananth Baliga  |  March 10, 2014 at 4:39 PM

SAN FRANCISCO, March 10 (UPI) -- Twitter says it has corrected a bug that entered its systems in November 2013, which allowed unapproved users to read tweets coming from protected accounts.

Protected accounts are those that require the owner to manually approve followers, and only those followers can read the owner's tweets. Some unapproved users were able to read unprotected tweets that were sent via SMS/push notifications.

Twitter referenced the bug in a rather short security post on their blog and didn't divulge many details. They said that the bug, which affected 93,788 protected accounts, had been fixed, unapproved users had now been removed and users affected by the bug had been notified via email.

"While the scope of this bug was small in terms of affected users, that does not change the fact that this should not have happened. We’ve emailed each of these affected users to let them know about this bug and extend our whole-hearted apologies," read the post from Bob Lord, director of information security.

Twitter thanked its white hat security community, a group of independent security researchers who volunteer their time to spot potential security issues, a member of which was the first to notice the bug and help fix it.

[Twitter] [TechCrunch]
