Twitter has confirmed that a security incident exposed private tweets sent to Twitter Circles to the public. The microblogging platform has confirmed that the flaw has now been fixed.
Twitter Circle launched in August 2022 for users to send tweets to select individuals, promising to keep them private. Elon Musk-owned Twitter recently opened API access at zero charges for accounts posting public announcements, including weather alerts, transportation information, and emergency warnings.
A report by Bleeping Computer revealed that Twitter users began warning that tweets to Circles were no longer private since April 7, 2023. Some users reported Circles tweets received likes and views from other accounts.
The platform revealed that it conducted an investigation to understand how the issue occurred and it addressed the issue. However, it did not reveal what caused the security incident.
“In April 2023, a security incident may have allowed users outside of your Twitter Circle to see tweets that should have otherwise been limited to the Circle to which you were posting. This issue was identified by our security team and immediately fixed so that these tweets were no longer visible outside of your Circle,” a Twitter notification said.