Twitter says software bug exposed direct messages

Twitter announced Friday that some users' private messages and protected tweets may have been leaked to third-party developers as a result of a software bug that ran for more than a year.

The bug caused certain private interactions between users and businesses offering services via Twitter to be sent in error.

The issue, which was fixed within hours of its discovery on September 10, ran from May 2017, Twitter posted on its website.

"Any party that may have received unintended information was a developer registered through our developer program, which we have significantly expanded in recent months to prevent abuse and misuse of data," Twitter said in a statement.

Read more: Privacy is not dead, but it’s going to cost you

The company added that the bug affected less than 1 percent of its users. For the second quarter of this year, Twitter logged 335 million average monthly active users.

The San Francisco-based company said it will notify those affected directly through an in-app notice or via its website.

Read more: EU gives Facebook, Twitter ultimatum on consumer protection laws

Twitter added that it has contacted developers to ensure they delete the information received as a result of the bug.

"It is important to note that based on our initial analysis, a complex series of technical circumstances had to occur at the same time for this bug to have resulted in account information definitively being shared with the wrong source," Twitter said. 

Each evening at 1830 UTC, DW's editors send out a selection of the day's hard news and quality feature journalism. You can sign up to receive it directly here.