Twitter fixes 'rare' bug that made protected accounts readable, affecting 93,000 users

And the bug took no less than four months to fix, according to the company. Kudos to transparency, but sometimes ignorance really is bliss.
Written by Zack Whittaker, Contributor

Twitter has squashed a "rare" bug that allowed non-approved followers to access the hidden tweets of tens of thousands of its users.

The microblogging firm said in a blog post on Sunday that 93,788 protected accounts — streams that are not ordinarily visible except to those that user follows — were viewable via text messages and push notifications as far back as November 2013.

The white hat community helped "discover and diagnose" the bug, the blog post read.

Twitter said it had also "removed all of these unapproved follows," and had taken additional steps to prevent similar bugs from occurring in the future.

According to Twitter's initial public offering paperwork filed with the U.S. Securities and Exchange Commission in October, the microblogging site had 218 million active users per month. Crunching the numbers, about 0.00004 percent of all users were affected by the protected accounts bug.

Although Twitter said the scope of the bug affected a fraction of its user base, "that does not change the fact that this should not have happened."

It said those hit by the bug were emailed to inform them of it and to apologize.

Last week, Twitter suffered another error that resulted in a number of false password-reset messages being sent out to many users, sister site CNET reported.

It came just months after Twitter suffered a breach that forced the company to reset a large number of account passwords, though the company admitted that the number of users whose passwords were reset was higher than the number directly affected.
