Twitter Security Breach Exposes Private Circle Posts to the Public
In April 2023, a security lapse at Twitter resulted in the inadvertent exposure of private Circle posts to a broader audience, prompting concerns about privacy on the platform. Although users had promptly reported the problem, Twitter only sent users an official email notification about a month after the incident.
“We’re contacting you because your Twitter account may have been potentially impacted by a security incident that occurred earlier this year (April 2023),” reads the email. “In April 2023, a security incident may have allowed users outside of your Twitter Circle to see tweets that should have otherwise been limited to the Circle to which you were posting. This issue was identified by our security team and immediately fixed so that these tweets were no longer visible outside of your Circle.”
The email to affected users explained that the security flaw may have allowed people outside of a user’s Twitter Circle to view tweets meant to be restricted to the Circle’s members. Twitter’s security team identified and resolved the issue, ensuring the affected tweets were no longer accessible to anyone outside the intended Circle. However, the delayed communication raised questions about the company’s transparency and dedication to user privacy.
Users took to Twitter to voice their concerns, with some reporting that their data was exposed in the incident. In response, Twitter issued an apology and reassured users of their commitment to safeguarding their data.
“We’ve conducted a thorough investigation to understand how this occurred and have addressed this issue,” the email notification reads. “Twitter is committed to protecting the privacy of the people who use our service, and we understand the risks that an incident like this can introduce and we deeply regret this happened.”
This event contributes to growing apprehension about data privacy on social media platforms. Over recent years, multiple prominent platforms have encountered similar problems, sparking demand for more stringent regulations and heightened user awareness of privacy risks.
Twitter has faced user security and privacy challenges before. Recently, the platform’s “shadow ban” flaw received an official CVE (Common Vulnerabilities and Exposures) number. This flaw allowed attackers to make a user’s tweets invisible to their followers without the user’s knowledge. Twitter has since addressed the issue, but the flurry of recent incidents highlights the platform’s challenges in its ongoing efforts to ensure user security and maintain trust.