A bug that allowed anyone to receive tweets from protected accounts has now been squashed by Twitter. The bug had existed since November 2013 and allowed even non-approved followers to see tweets from protected accounts.
However, it wasn’t until the weekend that Twitter made the bug public along with a statement that it’s now been fixed.
“We were alerted to and fixed a bug in our system that, for 93,788 protected accounts under rare circumstances, allowed non-approved followers to receive protected tweets via SMS or push notifications since November 2013. As part of the bug fix, we’ve removed all of these unapproved follows, and taken steps to protect against this kind of bug in the future,” Bob Lord, Director, Information Security at Twitter wrote in a blog post.
Twitter says the scope of the bug was small, though with nearly 100,000 accounts affected, we wouldn’t call it so small. Essentially, by using Twitter’s SMS ‘interface’ and push notification service, you could follow accounts that would otherwise require the owner’s permission on the web or in an app.