Twitter Admits To Security Incident Involving Circles Tweets

May 8, 2023 TH Author headline,privacy,flaw,twitter

A privacy breach at Twitter published tweets that were never supposed to be seen by anyone but the poster’s closest friends to the site at large, the company has admitted after weeks of stonewalling reports.

The site’s Circles feature allows users to set an exclusive list of friends and post tweets that only they can read. Similar to Instagram’s Close Friends setting, it allows users to share private thoughts, explicit images or unprofessional statements without risking sharing them with their wider network.

But, in an email to affected users seen by the Guardian, Twitter admitted tweets had escaped this containment. “A security incident that occurred earlier this year,” the email says, “may have allowed users outside of your Twitter Circle to see tweets that should have otherwise been limited to the Circle to which you were posting.”

For weeks, users had been reporting Circles tweets receiving likes and views from accounts that should not have been able to see them. Twitter, whose press office has been largely destaffed and set to autoreply to requests for comment with a poo emoji, did not acknowledge the reports.

Now, the company says the issue “was identified by our security team and immediately fixed so that these tweets were no longer visible outside of your Circle”.

“Twitter is committed to protecting the privacy of the people who use our service, and we understand the risks that an incident like this can introduce and we deeply regret this happened,” the company said.

The email did not address separate reports that similar privacy breaches were occurring to “private” accounts, whose tweets should not be displayed to anyone save for their approved followers.

Since Elon Musk acquired the company in late 2022, Twitter has shed at least 60% of its headcount, with wave after wave of layoffs stripping teams to the bone. Over the same period, the site has experienced numerous outages, leading Musk to declare that it would not be stable until a “complete rewrite” of the site’s underlying code was completed.

Similar cost-cutting measures have led the service to stop paying bills for office space, janitorial supplies and web hosting, with mixed success. Even as Musk attempted to institute a full return-to-the-office mandate, Twitter employees in countries including Singapore and London faced eviction from their workplaces over unpaid rent bills.

More pressingly, layoffs in site-wide moderation teams have opened the company up to massive fines in countries including Germany, where effective content moderation is a legal requirement. The “systematic failure” of the social network to moderate well allows for fines of up to €50m (£44m) a case, the German lawyer Chan-jo Jun told TechCrunch last month.