It looks like a Twitter bug that has been active since May of 2017 has been exposing users conversations and Direct Messages with unauthorized parties. Of course, Twitter is "very sorry" about the issue and has also alerted those that have been affected.
If you interacted with an account on the platform that utilized Twitter's Account Activity API (AAAPI), there is the chance that your interaction was shared with an unrelated developer. Twitter also stated that there is also the chance that users Direct Messages or protected tweets might have also been exposed because of the bug.
Twitter delivered some key points about the incident through its support website that can be seen below.
- The bug ran from May 2017 and within hours of discovering it on September 10, 2018, we shipped a fix to prevent data from being unintentionally sent to the incorrect developer.
- The bug affected less than 1% of people on Twitter.
- Any party that may have received unintended information was a developer registered through our developer program, which we have significantly expanded in recent months to prevent abuse and misuse of data.
As stated prior, if you were affected by the problem, you have already been contacted. Twitter has fixed the bug after its discovery last week and has also contacted developers to delete any information that they might have obtained because of this issue. The company is committed to investigating this further and as such will share more information if it becomes available.