sb-au logo
Story image

Twitter says sorry about Android bug that lasted four years

22 Jan 2019

Twitter says it’s sorry to its Android app users, after it admitted last week that some tweets that were supposed to be private could have been exposed to the world.

What’s more, the bug has existed since November 2014 – which means those tweets could have remained public for more than four years.

The issue on the Twitter for Android app disabled the ‘Protect your Tweets’ setting when certain account actions like changing an email address.

Anyone who changed the email address they used to access their account between November 3, 2014 and January 14, 2019 could have been affected.

While the bug was fixed on January 14, Twitter says it will provide updates if more information becomes available.

“We've informed people we know were affected by this issue and have turned "Protect your Tweets" back on for them if it was disabled,” says Twitter in a statement.

“We are providing this broader notice through the Twitter Help Center since we can’t confirm every account that may have been impacted. We encourage you to review your privacy settings to ensure that your ‘Protect your Tweets’ setting reflects your preferences.”

Twitter has offered a direct line of communication to its data protection officer Damien Kieran through an online form that the company has set up.

“We recognise and appreciate the trust you place in us, and are committed to earning that trust every day. We’re very sorry this happened and we’re conducting a full review to help prevent this from happening again.”

Twitter users who access the service via the web or iOS were not affected by the bug.

It’s not the first time Twitter has been under fire for bugs and glitches – in May 2018 the company urged more than 330 million users to change their passwords after an internal glitch exposed those passwords in a log file.

The bug was due to a problem with password hashing. The process wrote passwords to an internal log before they were hashed.

Although no passwords were stolen or misused, Twitter made sure users were informed and asked them to change passwords anyway.

Twitter is also under investigation by the Irish Data Protection Commission for potential breaches of the European Union’s GDPR regulations. 

“In November, the Data Protection Commission opened a statutory inquiry into Twitter’s compliance with the relevant provisions of the GDPR following receipt of a number of breach notifications from the company since the introduction of the GDPR.”

Story image
Over half of ransomware victims pay up - but does it work?
"Handing over money doesn’t guarantee the return of data, and only encourages cybercriminals to continue the practice."More
Story image
Pandemic sees organisations of all sizes and industries invest in CTI
There is opportunity for organisations to better manage their cyber-threat intelligence for greater security and threat intelligence effectiveness by adopting the right tools and processes.More
Story image
Imperva unveils new data security platform built for cloud
"The cloud has revolutionised IT, offering organisations a strategic opportunity to rapidly pursue new market initiatives and adapt their operations in the face of new business challenges."More
Story image
Why a more secure organisation is a collective responsibility
With vast volumes of data moving to the cloud, many IT professionals are frequently challenged to protect their enterprise environment, and there is a greater focus being placed on advancing cybersecurity strategies.More
Story image
Attivo Networks expands Active Directory suite for greater protection
"We see Active Directory exploitation used in the majority of ransomware, insider and advanced attacks. We are pleased to now offer our customers early and efficient solutions for preventing the misuse of Active Directory.”More
Story image
Microsoft Exchange breach a wake-up call to ditch the server
"There are owners who still have in-house exchange servers because they are suspicious of the cloud or have concerns about their data sovereignty or don't want to contemplate the capital expenditure. But the warning is clear. Get rid of them."More