Big news broke today as Twitter reportedly sent out a message with information about an API bug that the company identified on September 10. This bug possibly allowed Twitter developers to read direct messages and protected accounts, even though the developers had not been given consent to access them.
Twitter gave brief details about this bug on its Developer blog, stating that it might have allowed data to be sent to the wrong developer's webhook URL, which is basically a method by which Twitter applications retrieve data. Apparently, to make this stop, a few more registered developers had to share their API subscriptions tied to the very same public IP and the same URL paths. Twitter will likely delete any information that was not meant for them to have.
A report states that Twitter said it was “very sorry this happened.”
“Any party that may have received unintended information was a developer registered through our developer program, which we have significantly expanded in recent months to prevent abuse and misuse of data,” Twitter said.
It appears unlikely that anyone took advantage of this unfortunate situation. Twitter stated that there is no evidence to support such behavior; however, the investigation is still in progress. Twitter will be contacting people directly to let them know if their account was affected in any way by this bug.