sb-au logo
Story image

Twitter says sorry about Android bug that lasted four years

22 Jan 2019

Twitter says it’s sorry to its Android app users, after it admitted last week that some tweets that were supposed to be private could have been exposed to the world.

What’s more, the bug has existed since November 2014 – which means those tweets could have remained public for more than four years.

The issue on the Twitter for Android app disabled the ‘Protect your Tweets’ setting when certain account actions like changing an email address.

Anyone who changed the email address they used to access their account between November 3, 2014 and January 14, 2019 could have been affected.

While the bug was fixed on January 14, Twitter says it will provide updates if more information becomes available.

“We've informed people we know were affected by this issue and have turned "Protect your Tweets" back on for them if it was disabled,” says Twitter in a statement.

“We are providing this broader notice through the Twitter Help Center since we can’t confirm every account that may have been impacted. We encourage you to review your privacy settings to ensure that your ‘Protect your Tweets’ setting reflects your preferences.”

Twitter has offered a direct line of communication to its data protection officer Damien Kieran through an online form that the company has set up.

“We recognise and appreciate the trust you place in us, and are committed to earning that trust every day. We’re very sorry this happened and we’re conducting a full review to help prevent this from happening again.”

Twitter users who access the service via the web or iOS were not affected by the bug.

It’s not the first time Twitter has been under fire for bugs and glitches – in May 2018 the company urged more than 330 million users to change their passwords after an internal glitch exposed those passwords in a log file.

The bug was due to a problem with password hashing. The process wrote passwords to an internal log before they were hashed.

Although no passwords were stolen or misused, Twitter made sure users were informed and asked them to change passwords anyway.

Twitter is also under investigation by the Irish Data Protection Commission for potential breaches of the European Union’s GDPR regulations. 

“In November, the Data Protection Commission opened a statutory inquiry into Twitter’s compliance with the relevant provisions of the GDPR following receipt of a number of breach notifications from the company since the introduction of the GDPR.”

Story image
Malware and email scams targeting employees spread rapidly in Q2
"Businesses must stay alert and should employ defense-in-depth tactics and equip themselves with multilayered security mechanisms, including high-sensor spam filters and a VPN connection, which would prevent malicious pages from opening."More
Story image
Why it’s essential to re-write IT security for the cloud era
Key components of network security architecture for the cloud era should be built from the ground up, as opposed to being bolted on to legacy solutions built for organisations functioning only on-premises or from only managed devices.More
Story image
Understanding data is the first step in public sector cloud adoption
Before any cloud migration, it is essential to know exactly what data the organisation already has and where it’s located.More
Story image
Video: 10 Minute IT Jams - Who is CrowdStrike?
Today, Techday speaks to CrowdStrike ANZ channel director Luke Francis about the company's key products and offerings, its upcoming annual security conference, and the infrastructure it leverages in the A/NZ region.More
Story image
Video: 10 Minute IT Jams - The benefits of converged cloud security
Today, Techday speaks to Forcepoint senior sales engineer and solutions architect Matthew Bant, who discusses the benefits of a converged cloud security model, and the pandemic's role in complicating the security stack in organisations around the world.More
Story image
Fortinet’s ‘zero trust’ approach redefining security
Cornelius Mare, Fortinet A/NZ Director, Security Solutions, explains why taking a ‘zero trust network access’ approach to cybersecurity requires fully-integrated and comprehensive security services and policies.More