Twitter claimed that the bug was found in Account Activity API (AAAPI), used by Twitter developers to receive realtime activities of users to create tools for better user experience & customer service support. The bug in the system may have shared otherwise private conversations users engage in through DMs, like if you shared your bank account information with a friend to help with a transaction or you shared your departure details with your mom or raised a concern to a telecom service provider, if you were a part of the affected 1%, these conversations might have been shared with the unknown.
Twitter mentioned they haven’t found such an instance where the data was sent to the incorrect party, but they can’t deny it happened either. They also said it only involves conversations via Direct Messages with companies and not other conversations but they’ve not specified how they were able to filter them and for all, we know it could be a false claim to save face.
Although they have acknowledged the instance and said to have sent notifications to the potentially affected. The issue may have begun around May and was only found and fixed recently on September 21. Users who have received such notifications are agitated and anxious, as anyone would be when they know that their private conversations weren’t private. The company has contacted the affected users directly via in-app notice or the website notification.
While it may have not been completely Twitter’s fault, it may have been a system’s issue, but it can’t be denied that this is an invasion of privacy and even a violation of the regulations a social media platform needs to follow. On a scale as huge as Twitter’s, they should be more responsible as they would be accountable for everything related to the platform, even a bug.
Developers use our APIs to create tools, like customer service support, or apps to better understand public conversations. We found and fixed a bug that affected less than 1% of people on Twitter in an API that may have shared certain account interactions.
— Twitter Support (@TwitterSupport) September 21, 2018