Twitter. Android. Private tweets. Pick two... Account bug unlocked padlocked accounts
Cock-up went unnoticed for two Olympics, one World Cup, an EU referendum, and a US presidential election
Twitter has fessed up to a flaw in its Android app that, for more than four years, was making twits' private tweets public. The programming blunder has been fixed.
The 280-character social-experiment-gone-awry admitted on Thursday that a bug dating back to November 3, 2014 potentially changed users' "Protect your Tweets" preference – which hides tweets from public view so they are only seen by followers – to publicly visible when a user's email address or other account settings were changed.
This is particularly bad news for netizens who opted for protected tweets, because they typically padlock their feeds to avoid potential or real harassment, or consider the contents of their feeds to be sensitive or highly personal in nature.
Twitter wouldn't say exactly how many of its twits had their protected tweets exposed to the world, but if you were running the Twitter for Android app, now is probably a good time to go back over your profile and check your privacy settings.
The Twitter iOS app and website were not affected by the bug, so Apple fans and desktop users can breathe a sigh of relief, at least.
"We've informed people we know were affected by this issue and have turned "Protect your Tweets" back on for them if it was disabled," Twitter said. "We are providing this broader notice through the Twitter Help Center since we can’t confirm every account that may have been impacted."
Twitter has some experience handling this sort of problem. Back in September the site disclosed that a bug in one of its APIs would have accidentally given some developers the ability to read the protected tweets and DMs of some users.
More recently, a team of researchers from the US and Greece revealed that Twitter's past geolocation settings (prior to turning the feature off by default in 2015) could be used years later to reliably track the activity of individuals and infer highly personal information.
Perhaps, at the end of the day, the best policy should be to never share anything with Twitter that you don't want the whole world to know about. ®