Twitter has announced that over the weekend it patched a bug that potentially allowed hackers to read tweets posted from protected accounts without approval.
Twitter’s protected accounts program allows users to restrict who is able to read their tweets to a pre-approved list of followers.
However, as a result of the bug, in some circumstances hackers were able to circumvent the restrictions through the use of SMS or push notifications.
In a statement, Twitter’s director of information security, Bob Lord, openly apologised to users for the bug.
“We were alerted to and fixed a bug in our system that, for 93,788 protected accounts under rare circumstances, allowed non-approved followers to receive protected tweets via SMS or push notifications since November 2013.
“As part of the bug fix, we’ve removed all of these unapproved follows, and taken steps to protect against this kind of bug in the future.
“While the scope of this bug was small in terms of affected users, that does not change the fact that this should not have happened. We’ve emailed each of these affected users to let them know about this bug and extend our whole-hearted apologies.”
In the statement, Lord also thanks Twitter’s white hat security community for helping to identify the bug.