Twitter fixes long-standing bug that exposed protected accounts to unapproved followers


Twitter has just fixed a bug that in some cases allowed tweets from users with protected accounts to be read by non-approved followers.

The social media site said on its blog that the bug had been around since November, though it only affected a tiny fraction of its user base.

“We were alerted to and fixed a bug in our system that, for 93,788 protected accounts under rare circumstances, allowed non-approved followers to receive protected tweets via SMS or push notifications since November 2013,” Bob Lord, Twitter’s director of information security, wrote in a post.

The San Francisco-based company said that the fix should ensure such a bug doesn’t occur again in the future, adding that it had removed any unapproved followers from protected accounts.

It also said that although the bug only affected a small percentage of its users, “that does not change the fact that this should not have happened,” as it had resulted in unauthorized access to private tweets. Twitter has emailed those affected to inform them of the flaw and to offer its “whole-hearted apologies.”

The social media company was in the news again earlier this month when it emerged that a mass password reset had been triggered in error, with up to several million users of its service left temporarily locked out of their accounts.

In a more serious incident early last year, Twitter was the subject of a security breach involving around a quarter of a million accounts when hackers succeeded in gaining access to an array of personal information believed to include usernames, email addresses, and encrypted versions of passwords.