Twitter has announced that it patched a bug over the weekend that potentially allowed hackers to read tweets posted from protected accounts without approval.
Twitter’s protected accounts program allows users to restrict who is able to read their tweets to a pre-approved list of followers.
However, as a result of the bug, in some circumstances hackers were able to circumvent the restrictions through the use of SMS or push notifications.
In a statement, Twitter’s director of information security, Bob Lord, openly apologised to users for the bug.
“We were alerted to and fixed a bug in our system that, for 93,788 protected accounts under rare circumstances, allowed non-approved followers to receive protected tweets via SMS or push notifications since November 2013.
“As part of the bug fix, we’ve removed all of these unapproved follows, and taken steps to protect against this kind of bug in the future.
“While the scope of this bug was small in terms of affected users, that does not change the fact that this should not have happened. We’ve emailed each of these affected users to let them know about this bug and extend our whole-hearted apologies.”
In the statement, Lord also thanked Twitter’s white hat security community for helping to identify the bug.