Twitter ‘Unintentionally Sent’ Users’ Direct Messages to Third-Party Developers

Bug hit up to several million users

Another day, another major tech company admitting data protection issues.

Twitter announced on Friday a “complex” bug allowed third-party developers to see the direct messages of up to several million users. The bug ran for more than a year, and was shut down by Twitter on Sep. 10, according to a company blog post.

The bug impacted less than one percent of users, according to Twitter, although with 335 million users at last count, it still left millions of accounts vulnerable. The DMs that could be scanned were conversations between users and businesses (Twitter gave an example of a user talking to an airline), thanks to an issue with a support tool connecting businesses and customers.

Twitter said it is notifying users who were affected, and also “working” with developers to “delete information they should not have.”

The announcement comes as Silicon Valley finds its data protection policies under increased scrutiny. Facebook was rocked by the Cambridge Analytica data leak earlier this year, in which up to 87 million users had their information accessed without their knowledge by the now-defunct political firm. The social network has tweaked its data policies and offered several public mea culpas since then, as its share price has continued to flounder. Google, set to testify before Congress next week, admitted this week it allows third-party apps to scan and share data from 1.4 billion Gmail accounts.

This was Twitter’s second bug issue of 2018, after the company recommended all of its users change their passwords in May.
