Twitter says it became aware of activity on Dec. 24, 2019, involving someone using a large network of bogus accounts to exploit the API. Twitter says the flaw has now been fixed, but not before at least one large-scale effort exploited it. Any resulting impact on users remains unclear. Twitter has apologized for the flaw, saying privacy and safety of the people who use Twitter is one priority. It is possible that some of these IP addresses may have ties to state-sponsored actors, Twitter says.”]
Source: https://www.cuinfosecurity.com/twitter-warns-api-flaw-abuse-may-have-unmasked-users-a-13680