Twitter Bug Allowed Some Protected Accounts To Be Read By Unapproved Followers

The bad news: Since November of 2013, there’s been a bug in Twitter that allowed people to read tweets they shouldn’t have been able to see.

The kind-of-good-I-guess news: four months later, it’s fixed.

Twitter announced the fix in a rather detail-light security post, where they disclosed that 93,788 protected accounts had been vulnerable to a bug that allowed tweets to go out to unapproved followers.

(In case you don’t know: most Twitter accounts are public. “Protected” accounts are [theoretically] only readable by those who’ve been manually approved by the account’s owner.)

While they don’t go very deep on the specifics of the bug (saying only that accidentally un-protected tweets were sent via SMS/push notifications), they clarify that any unapproved followers who found their way in via this route should now be removed — and that if your account was affected, they’ve already emailed you to let you know. We’ve reached out to Twitter for more details on the specifics of this bug; we’ll update this post if we hear back.

Fixed or not, let it be a reminder: if you’re posting stuff that you really don’t want anyone outside of a small group of people to see, Twitter … probably isn’t the right place for it.