Twitter fixes protected tweet bug

Twitter issued a fix on Sunday for a problem that affected protected Twitter accounts. These are accounts for users who wish to have some level of control over who views their social media missives for whatever reason.

Kinda defeats the whole "social" aspect but, whatever.

The issue in question was that protected accounts could be followed by people who added them via SMS rather than via the app or website. 

From Twitter Blog:

We were alerted to and fixed a bug in our system that, for 93,788 protected accounts under rare circumstances, allowed non-approved followers to receive protected tweets via SMS or push notifications since November 2013. As part of the bug fix, we’ve removed all of these unapproved follows, and taken steps to protect against this kind of bug in the future.

While the scope of this bug was small in terms of affected users, that does not change the fact that this should not have happened. We’ve emailed each of these affected users to let them know about this bug and extend our whole-hearted apologies.

Since November 2013? Whoops. That's got to sting a bit.

I have to admit that I had forgotten that you could even issue Twitter commands via SMS. Here is the SMS command for following an account on Twitter that was most likely the culprit:

FOLLOW [username]: allows you to start following a specific user, as well as receive SMS notifications. Example: FOLLOW jerry, or F jerry, for short.

Twitter has been no stranger to security issues and they continue to make improvements. After all, it was only in 2012 that Twitter turned SSL on by default. 

Kudos to Bob and company for their quick action to repair this issue and alert their customers. 

(Image used under CC from pasukaru76)

Copyright © 2014 IDG Communications, Inc.
