Reports suggest that a bug in Twitter's platform for third-party app developers just might have unveiled some Direct Messages (DMs) from nearly 3 million users to outsiders.
Although Twitter said that it fixed the problem, the bug basically ran from May 2017 and was discovered on 10th September.
"The bug affected less than 1 per cent of people on Twitter. The bug may have caused some of these interactions to be unintentionally sent to another registered developer," Twitter said in a blog post on Saturday.
"In some cases, this may have included certain DMs or protected tweets, for example a Direct Message with an airline that had authorised an Account Activity API (AAAPI) developer."
The Account Activity API allows registered developers to build tools to better support businesses and their communications with customers on Twitter.
Twitter currently has over 336 million users and one per cent means nearly 3 million of those were affected.
If your business authorised a developer using the AAAPI to access your account, the bug may have impacted your activity data in error.
"We're very sorry this happened. If your account was affected by this bug, we will contact you directly through an in-app notice and on twitter.com," said the company.
In May, the micro-blogging platform asked its 336 million users to change their password across its services after it discovered a bug that stored passwords in plain text in an internal system.
Twitter said it found no sign that hackers accessed the exposed data but advised users that they should enter a new password on all services where their current password has been used.
(With IANS inputs)