Windows 10: Twitter discovered a bug in Account Activity API exposing data

Brink · Sep 21, 2018

We recently discovered a bug in our Account Activity API (AAAPI). This API allows registered developers to build tools to better support businesses and their communications with customers on Twitter. If you interacted with an account or business on Twitter that relied on a developer using the AAAPI to provide their services, the bug may have caused some of these interactions to be unintentionally sent to another registered developer. In some cases this may have included certain Direct Messages or protected Tweets, for example a Direct Message with an airline that had authorized an AAAPI developer. Similarly, if your business authorized a developer using the AAAPI to access your account, the bug may have impacted your activity data in error.

It is important to note that based on our initial analysis, a complex series of technical circumstances had to occur at the same time for this bug to have resulted in account information definitively being shared with the wrong source. More here.

Key updates:

The bug ran from May 2017 and within hours of discovering it on September 10, 2018, we shipped a fix to prevent data from being unintentionally sent to the incorrect developer.

The bug affected less than 1% of people on Twitter.

Any party that may have received unintended information was a developer registered through our developer program, which we have significantly expanded in recent months to prevent abuse and misuse of data.

What’s next?

If your account was affected by this bug, we will contact you directly through an in-app notice and on twitter.com.

We have contacted our developer partners and are working with them to ensure that they are complying with their obligations to delete information they should not have.

Our investigation is ongoing. We will continue to provide updates with any relevant information.

We’re very sorry this happened. We recognize and appreciate the trust you place in us, and are committed to earning that trust every day. For more on our updated API policies and how to monitor the apps you are using on Twitter, see here and here.
Click to expand...

Source: Fixing a bug in our Account Activity API

Tweet

— Twitter API (@user) View on Twiiter[/quote]

Tweet

— Twitter API (@user) View on Twiiter

:)
Click to expand...

10TaTioN · Sep 21, 2018

Snow Leopard bug can delete entire account data

A bug has been reported in Apple's new Snow Leopard version of OS X that can result in the loss of an entire user account's data. The glitch seems to be triggered by using a Guest account and then trying to log back into a regular account.

According to multiple topics on the Apple Support discussion boards, the problem can occur when a user logs into their Mac's Guest account -- whether by accident or on purpose -- and then tries to log back into their regular account.

In some cases, users have reported finding their regular account empty of data, as though it were a brand new account.

Speculation is that something makes Snow Leopard treat the regular account like a Guest account, from which by default all data is deleted upon logout. Further speculation is that the problem occurs when the Guest account was already enabled in Leopard before being upgraded to Snow Leopard.

The problem started being reported within days after Snow Leopard's shipping, but the discussions are all still marked "not answered"

The only solution for getting the deleted data back is to restore it from a backup.

An article on MacFixIt suggests disabling the Guest account entirely, or at least disabling it and then re-enabling it so that it's a native Snow Leopard account. Another suggestion for those who need a temporary account is to create a new Standard account and use Parental Controls to restrict it.
Click to expand...

Source: iTWire

Brink · Sep 21, 2018

You should change your Twitter password due to bug

When you set a password for your Twitter account, we use technology that masks it so no one at the company can see it. We recently identified a bug that stored passwords unmasked in an internal log. We have fixed the bug, and our investigation shows no indication of breach or misuse by anyone.

Out of an abundance of caution, we ask that you consider changing your password on all services where you’ve used this password. You can change your Twitter password anytime by going to the password settings page.

About The Bug

We mask passwords through a process called hashing using a function known as bcrypt, which replaces the actual password with a random set of numbers and letters that are stored in Twitter’s system. This allows our systems to validate your account credentials without revealing your password. This is an industry standard.

Due to a bug, passwords were written to an internal log before completing the hashing process. We found this error ourselves, removed the passwords, and are implementing plans to prevent this bug from happening again.

Tips on Account Security

Again, although we have no reason to believe password information ever left Twitter’s systems or was misused by anyone, there are a few steps you can take to help us keep your account safe:

Change your password on Twitter and on any other service where you may have used the same password.

Use a strong password that you don’t reuse on other websites.

Enable login verification, also known as two factor authentication. This is the single best action you can take to increase your account security.

Use a password manager to make sure you’re using strong, unique passwords everywhere.

We are very sorry this happened. We recognize and appreciate the trust you place in us, and are committed to earning that trust every day.
Click to expand...

Source: Keeping your account secure

Tweet

— Twitter API (@user) View on Twiiter

victor cuadra · Sep 21, 2018

Unable to delete twitter account

I added my twitter account to my 7.5 HTC Trophy phone. I then tried to remove the same account, but no matter what I do, when I delete the account, it immediately just pops back into the phone. It's gone for a couple seconds, then my Live account
syncs, and the Twitter account magically shows up again. This is getting frustrating - anyone have any suggestions as to how I can fix this?
Click to expand...

How to Fix your Integrated Twitter account on your Windows Phone.

Go to your settings.

Select “email+accounts“

Find your twitter account on this list.

Tap and hold this twitter account and select “Delete“

After the phone tells you everything has been deleted you can turn off your phone.

Turn back on the Phone.

Go to your settings

Select “email+accounts“

Select “add an account“

Select “twitter“

Input your credentials and authorize the Phone to use your Twitter account.

The message “setting up the account” will be displayed.

Wait about 5-10 minutes

Windows 10: Twitter discovered a bug in Account Activity API exposing data

Twitter discovered a bug in Account Activity API exposing data

Twitter discovered a bug in Account Activity API exposing data

Twitter discovered a bug in Account Activity API exposing data

Twitter discovered a bug in Account Activity API exposing data - Similar Threads - Twitter discovered bug

Someone is trying to log into my account after my login details were exposed in a data...

Twitter for Android security vulnerability discovered and fixed

Introducing a new and improved Twitter API

Discovered Bugs in 1903 Update

Twitter bug impacts collection & sharing location data on iOS devices

Facebook API bug exposed user photos to third-party apps

Discovered Major Bug!!!

Massive leak exposes data on 123 million US households

Password manager OneLogin hacked, exposing sensitive customer data