Twitter accidentally revealed semi-private tweets last month that users had sent to closed groups of friends, the company acknowledged on Friday in an email sent to affected users.
Reports of the so-called Twitter Circle feature bug have circulated for weeks, but Twitter has kept mum on the issue until now. According to the email, which was viewed by Fortune, the "security incident" occurred in April and has been fixed.
"We’ve conducted a thorough investigation to understand how this occurred and have addressed this issue," Twitter said in the email, without providing details of the results of the investigation.
The social media first launched Twitter Circle last year, which is essentially a clone of Instagram's Close Friends feature. Users can add a select few friends to a group, and post exclusively for them. In practice, people use it to say things they wouldn't want a wider audience to know. Early last month, some users started to notice their Circle tweets were being liked by users not in their circle.
Confirmed someone I'm not even following was able to see a private Twitter Circle tweet (thank you @TheSahilDev)
— Theo - t3.gg (@t3dotgg) April 8, 2023
This hurts trust in the platform a lot. Should be top priority @TwitterEng pic.twitter.com/BCYPkikJ2p
Twitter representatives did not immediately return requests for further comment.
Twitter had not put out a statement on the bug, until now. In an email to users with the subject line "An incident impacting Twitter Circle users" from an official Twitter email address, the company informs recipients that the bug has been investigated and fixed.
Read the full email below.
Hello,
We’re contacting you because your Twitter account may have been potentially impacted by a security incident that occurred earlier this year (April 2023).
What Happened
In April 2023, a security incident may have allowed users outside of your Twitter Circle to see tweets that should have otherwise been limited to the Circle to which you were posting. This issue was identified by our security team and immediately fixed so that these tweets were no longer visible outside of your Circle.
We’ve conducted a thorough investigation to understand how this occurred and have addressed this issue. Twitter is committed to protecting the privacy of the people who use our service, and we understand the risks that an incident like this can introduce and we deeply regret this happened.
How to Protect Your Account
We take our responsibility to protect your privacy very seriously and it is unfortunate that this happened. While there’s no action for you to take specific to this issue, we invite you to visit our Public and Protected Tweets page (https://help.twitter.com/en/safety-and-security/public-and-protected-tweets)
This is an automated mailbox. For any questions or concerns you may have about this incident, please reach out to Twitter’s Office of Data Protection through our Data Protection Inquiry Form.
We recognize and appreciate the trust you place in us, and are committed to earning that trust every day.
Sincerely,
Twitter Office of Data Protection