
Twitter admits 'security incident' made private Circles not so much

Perhaps one of the thousands of people laid off from the biz could have fixed it, just a thought

Twitter has finally admitted a "security incident" caused some users' semi-private Twitter Circle tweets to show up on others' timelines.

Some of these tweeters took to — where else — Twitter to share an email they received this weekend.

"In April 2023, a security incident that may have allowed users outside of your Twitter Circle to see tweets that should have otherwise been limited to the Circle to which you were posting," the email stated. "The issue was identified by our security team and immediately fixed so that these tweets were no longer visible outside of your Circle."

The email, however, didn't say why it took the Elon Musk-run biz nearly a month to notify users about the privacy breach — weeks after users started reporting problems with the platform sharing their tweets with the public instead of only family and friends belonging to their Circle. 

Circle is supposed to be a more private messaging service, so some of these tweets that were unintentionally shared in April included NSFW pics.

As the social network explains on its "About Twitter Circle" page: "You choose who's in your Twitter Circle, and only the individuals you've added can reply to and interact with the Tweets you share in the circle."

Until it breaks, as is often the case under the Twitter 2.0 leadership, which has slashed the microblogging site's staff in ongoing attempts to cut costs. 

We'd love to know more about the April security incident — such as what caused it and why the lag between fixing it and notifying users — though Musk and company no longer reply to emails from the press. We did send these questions to what used to be Twitter's PR department and received the automated poop-emoji reply, as expected. How adult.

Also in April: a security researcher spotted a "shadow ban" vulnerability in the chunk of internal source code that Twitter made public on March 31. The bug was serious enough to earn its own CVE, as it can be exploited to bury someone's account out of sight "without recourse."

And then there was also the massive data dump earlier this year in which more than 200 million Twitter users' information, including account names, handles, creation dates, follower counts, and email addresses, was posted online for anyone to download. 

Some of the well-known people and organizations in the 63GB database leak include Donald Trump Jr, Google CEO Sundar Pichai, SpaceX, the US National Basketball Association, CBS Media, and the World Health Organization.

A Twitter user subsequently sued the troubled social media platform over that data leak, as lawsuits have also become business as usual under CEO Elon Musk. ®
