Since August 2022, the Twitter Circle feature allows users to send tweets to a restricted circle of users, these messages are not visible to Twitter users outside the Circle.
As reported by BleepingComputer, around April 7, some Twitter users noticed the issue. The Guardian reported that for weeks users had been reporting Circles tweets receiving likes and views from users outside the circle.
The social network giant confirmed the problem, it started notifying the impacted users.
“We’re contacting you because your Twitter account may have been potentially impacted by a security incident that occurred earlier this year (April 2023)”, reads a security incident notification sent by Twitter to the impacted users. “In April 2023, a security incident may have allowed users outside of your Twitter Circle to see tweets that should have otherwise been limited to the Circle to which you were posting. This issue was identified by our security team and immediately fixed so that these tweets were no longer visible outside of your Circle.”
“We’ve conducted a thorough investigation to understand how this occurred and have addressed this issue. Twitter is committed to protecting the privacy of the people who use our service, and we understand the risks that an incident like this can introduce and we deeply regret this happened.”
The company did not provide details about the security incident.
Since Elon Musk took ownership of the company, a large portion of its staff left the company and at the same time, the platform introduced multiple changes to its code.
We are in the final!
Please vote for Security Affairs (https://securityaffairs.com/) as the best European Cybersecurity Blogger Awards 2022 – VOTE FOR YOUR WINNERS
Vote for me in the sections where is reported Securityaffairs or my name Pierluigi Paganini
Please nominate Security Affairs as your favorite blog.
Nominate Pierluigi Paganini and Security Affairs here here: https://docs.google.com/forms/d/e/1FAIpQLSepvnj8b7QzMdLh7vWEDQDqohjBUsHyn3x3xRdYGCetwVy2DA/viewform
Follow me on Twitter: @securityaffairs and Facebook and Mastodon
(SecurityAffairs – hacking, privacy)