Twitter disclosed that a ‘security incident’ caused private tweets sent to Twitter Circles to show publicly to users outside of the Circle.
Twitter Circle is a feature released in August 2022 that allows users to send tweets to a small circle of people, promising to keep them private from the public.
“Twitter Circle is a way to send Tweets to select people, and share your thoughts with a smaller crowd,” reads Twitter’s description of the privacy feature.
“You choose who’s in your Twitter Circle, and only the individuals you’ve added can reply to and interact with the Tweets you share in the circle.”
However, around April 7th, Twitter users began warning that tweets to Twitter Circles were no longer private and shown publicly to people outside of the Circle in their timelines.
In a notification sent to impacted users yesterday, Twitter says a ‘security incident’ is behind the public display of private Twitter Circle tweets.
“We’re contacting you because your Twitter account may have been potentially impacted by a security incident that occurred earlier this year (April 2023)”, reads a security incident notification sent by Twitter yesterday.
“In April 2023, a security incident may have allowed users outside of your Twitter Circle to see tweets that should have otherwise been limited to the Circle to which you were posting. This issue was identified by our security team and immediately fixed so that these tweets were no longer visible outside of your Circle.”
“We’ve conducted a thorough investigation to understand how this occurred and have addressed this issue. Twitter is committed to protecting the privacy of the people who use our service, and we understand the risks that an incident like this can introduce and we deeply regret this happened.”
While Twitter did not share what caused this security incident, the social site has rapidly changed the platform since Elon Musk took ownership.
Many of these changes revolved around increasing tweets’ exposure via Twitter’s recommendation algorithm, which Musk said in late March would be updated every 28 to 48 hours.
BleepingComputer contacted Twitter to learn more about the security incident and will update the article if we receive a response.
- Cauthon – 2 days ago
There is a lot of hatred against Twitter lately – actually, I suppose there is a lot of hatred around, just generally. No big surprise if someone intentionally attacked them. I just found out about the major attack against SolarWinds and other top level cyber security companies, even including our own Malwarebytes – and a multiplicity of government departments (probably not so much of a big surprise there). Seems to be continually getting harder to be safe. I have never felt comfortable using "cloud" storage; seems to me I have trouble enough worrying about safety on my own computer, why would I want to store my backups on somebody else's computer and hope that they will be safe there? I am not Hillary Clinton, needing a place to hide files in fear of public exposure, so I prefer to keep my files in one place; and I have a fireproof file cabinet for my external hard drives and USB backups (with an air gap between them and the great outdoors).