A Twitter bug allowed third-party applications to access the Direct Messages of users who signed in to the apps with their Twitter accounts, IOActive researcher Cesar Cerrudo reported. He discovered the flaw while testing a web application that was still under development but already allowed users to sign in with Facebook or Twitter accounts. Twitter's security team took less than 24 hours to fix the bug, but warns users to revoke apps to which they never gave permission to access their DMs. Twitter has not, however, apprised its users of the matter.
Twitter bug gives 3rd-party apps access to users' Direct Messages
