Privacy Disaster At Twitter: Direct Messages Exposed (Update: GroupTweet Is Likely Culprit)
Michael Arrington
144 comments »
Twitter user Orli Yakuel, with 650 followers, had a nasty surprise this morning - her direct messages (private messages between two Twitter users) showed up in her normal Twitter stream (and were subsequently published to her FriendFeed account). Friends messaged her to tell her about the embarrassing issue.
At first she tried to delete the private messages and posted the notice above, but she then simply deleted her entire Twitter account (it was here). I saw it before deletion, however, and it clearly contained very private messages, exposed to anyone who went to her page. One user messaged her that it had happened to him as well, but I have not verified it personally.
We’re seeing an increasing trend of privacy issues pop up around new web applications and all this distributed data.
It’s the middle of the night, so I’m not going to get a response from Twitter on this until morning. If you want to delete private messages, click on the Direct Messages link in Twitter on the right sidebar area. You have to delete them one at a time.
Orli’s blog is here, and she also created the Web 2.0 Directory website.
Update: It looks like this is a problem caused by GroupTweet, a newish third party Twitter application that allows users to direct message a lot of people at once. Orli says that she tested the application earlier today, and a number of commenters are pointing out that it may be the problem. GroupTweet requires you to create a new Twitter account to use with the service, and tell it the credentials for the account. But if you accidentally enter your primary account credentials instead, it will expose your direct messages to the public. This is not a Twitter API issue as far as I can tell; it’s a problem with the fact that GroupTweet is confusing, and if you make a mistake, your direct messages are made public. This is particularly an issue for non-native English speakers using it. I could have very easily made this mistake when testing the application.
Update 2: New registrations for GroupTweet are being disabled by the founder “until this is sorted out.”


Saw it happening, very very frightening
Yes I saw it too... I think it is some sort of a bug and will get fixed soon.
must be pretty scary for some people
Poor Twitter. They must really be struggling with the scale issues. So many random marketing blogger types are signing up for accounts and following half the twitterverse.
I think there is a fundamental question here, twitter is Queue driven internally - how the hell did direct messages even make it into the same Queue/DB as regular timeline updates?
Using Twitter for private conversation is asking for trouble.
It seems all major web apps have to go through some sort of privacy scandal these days… Let’s hope Twitter handles this better than Facebook did by providing a more immediate explanation and public apology.
Wasn’t it just GroupTweet (http://grouptweet.com)? I once saw somebody who misunderstood the site and put their own credentials in there, which exposed a couple of DM’s.
this is really scary…. not again twitter please =(
that’s more of a sh!tter than twitter. Yikes, some serious embarrassment for twitter and a potential disaster for users.
(thinking aloud) Wonder what the proportion of direct messages is to broadcasts…
Must be a bug specific to certain users … here it seems to work fine (private messages do not show up in public stream: http://twitter.com/tunesbag)
I don’t think that posting anything that should be private on twitter is really wise. This platform was meant to be public in the first place. It still is interesting how could it get messed up. One thing for sure - twitter is a scalability case study for the whole web 2.0
Wow. That’s pretty bad for twitter. But I guess this just highlights a general issue of the whole web 2.0 trend. Who can I trust with my personal information. If it’s not on my own machine, I’m just out of luck, if something goes wrong.
try to avoid using ‘grouptwitter’ on an active account - this has a similar effect - in that it just turns out ALL of your direct personal messages into the public timeline - as I found out last week - not good at all.
twitter has become a great micro blogging social network - despite being as flaky as hell sometimes, having something like this happen to your personal messages is clearly not good for their ability to manage data - nor maintain a basic level of privacy and protection for the users.
imagine the private messages of @1938media and Shel Israel - man that would make interesting reading
dailytwitter
That’s a pretty fundamental privacy issue if ever I saw one - I’m glad I’ve never even sent a DM on twitter.
Surprise but no surprise…
BTW, Don’t use Twitter services that ask you your password. They’ll be able to do this kind of stuff, by accident most likely.
Twitter makes it quite clear that users can expect privacy when direct messaging:
http://help.twitter.com/index......#038;id=15
Has happened to a twitter user in India also : gauravonomics
this is interesting, we are investing a lot of time and effort, and clearly personal information into services that are completely free and without any guarantee of performance, security or trust - when these free services all fall over we complain and create a fuss over something which was free to begin with and we took at face value.
What would you do if Yahoo! just trashed all your mail - what recourse do you have? This would make for an interesting litigation in the case of a celeb with money - would the provider of the channel to market be prosecuted?
any thoughts?
dailytwitter
using ‘www.grouptweet.com’ also has the same effect on your account - I don’t know if you guys caught this one? It just exposes your entire private message history - as I know from experience.
dailytwitter
Might be it’s time to rewrite their “private message in several ways” to
“message private in several ways”
This is perhaps the first, but not the last “privacy” issue that we will hear about, but not just on twitter. The entire concept of private spheres and public spheres is morphing before our eyes, and those of us on twitter and other “life-following” services (especially QIK and Viddler) are participating in this grand experiment. It seems like transparency is inevitable, but nevertheless it is a scary surprise sometimes.
You don’t have to delete them one at a time if you’re using a multi-tabbed browser (or at least I didn’t on Firefox). Hold down the ctrl key (or the Mac equivalent that opens a link in a new tab) throughout clicking on the various trash icons and OK messages and you can delete more than one in a go.
I can only hope it was an effect of using Grouptweet, as this is a major major blow to twitter if it’s a native fault.
And also to 22 above, we may be seeing a meld of the public and private spheres, but no matter how much of our personal lives we’re willing to put up to public scrutiny, there’s always the “intimate” sphere, which we’ll never share in that way.
If GroupTweet can expose the DM stream, then surely that’s an issue with the Twitter API isn’t it? Why would they build that ability into their API?
This is why you never give out your credentials for one site to another site.
It is quite scary - in fact there are a lot of bugs that have been surfacing the past few weeks - I sincerely hope the developers are working fast enough - I know they are working hard but speed is of the essence
My wishes with you guys - GodSpeed!!
p
see update. still digging on this.
If you don’t want it on the front page of the New York Times, then don’t put it in Twitter. Of course, I don’t know what we’ll say when there is no front page of the New York Times.
GroupTweet needs to, at the VERY LEAST, make it much clearer on their site to NOT enter your twitter credentials.
I only use DM when it’s a conversation that should be taken offline but if by chance it ended up in my public feed would cause harm or embarrassment.
This is pretty bad. I hope that 3rd party application is banned to be used by Twitter, or is made non-functional by Twitter - at least until the bug gets fixed. I use Twitter to update my blog readers via its public message. Haven’t used private messages yet, and won’t be doing so using GroupTweet.
http://www.mrfeedback.net
My recommendation: go nowhere near the grouptweet site for now.
I have to agree with Martin Jamieson, if Grouptweet can get your private messages through the API then there is already something wrong with Twitter. I wonder if the API even shows any difference between private messages & regular tweets …
When I read the Grouptweet homepage, it seemed quite clear to me you shouldn’t enter YOUR twitter details but have a special group one set up.
Raja - this isn’t a “bug” as far as I can tell, it’s simply how grouptweet works if you tell it your twitter credentials, instead of the new twitter account credentials that you are supposed to create for the application.
This scared the hell out of me!
GroupTweet is done for. Does anyone think you can actually recover from this?
Wow! I see a lot of dirty laundry being exposed! Scandals galore!
Hope lessons learned all around. Never say anything that you may regret later! This goes for public and private!
One immediate problem with GroupTweet is that it appears to monitor sent as well as received direct messages (it should only monitor received, even when working normally). But, frankly, it’s a dangerous application if in fact it is the cause of all this.
Someone needs to build a better service. These guys are NOT ready for primetime.
http://www.tech-exposed.com
Wow, they’ve really dropped the ball on this one. People will remember this for sometime to come.
However unpleasant the situation may be, I still see Grouptweet as a good initiative. Especially in combination with SMS it is a powerful tool!
Even if Grouptweet has a problem, the idea seems sound. Is there a better way to do it? It’s less than a month old, no? Once the dust settles, I’d say it’s something to revive in a secure, transparent way.
That’s the fun part of Twitter. It is an amalgamation of applications!
The Twilight Zone! Now you see it, now you don’t.
knackerdhack -
it looks to me like grouptweet could be built on the Twitter API without this risk. See: http://groups.google.com/group.....umentation
maybe it’s time Orli gets a life
“I have to agree with Martin Jamieson, if Grouptweet can get your private messages through the API then there is already something wrong with Twitter.” Ditto that… but more importantly…
Did you know that if your Twitter DM goes over 140 Characters it winds up on the Public Timeline?!? I’ve had it happen to me.
What happened here is a FAIL for GroupTweet but what happened to me is a big fat FAIL for Twitter.
I think one of the hallmarks of good journalism is getting the facts straight before posting a story. In this case, the desire for an exclusive has clearly overridden the requirements of gathering facts.
It could be said that publicising the story allowed the true story to come to light, but that only emphasises how the original report should have been more carefully phrased. The headline is still confusing people.
Yeap! the antisocial part of the social networks…
Techcrunch has become TechTwitter. All the time just news of Twitter
Twitter everywhere
I think some are missing the point of having a full API. There is absolutely _no_ fault for Twitter in this case. They’ve implemented an API that basically would allow you to completely recreate their website in a client of your own whether it be desktop or web. That’s allowing _your_ data to run free.
GroupTweet should have read the specification more carefully and users need to think twice about who they give their credentials to. If you give out the keys to your house to strangers, don’t be surprised when your stuff is gone.
James - no.
this is exactly what blogging is supposed to be.
chowda - I disagree. Twitter should have moved to block grouptweet. The application can easily be built in such a way that there is no risk of this happening, but it wasn’t, and Twitter users are taking the hit. Not only that, you don’t even have to be the user who makes the mistake. If anyone you send a message to screws up, your messages to them go public. I believe Twitter has a responsibility to protect its users from applications like grouptweet.
I would have thought grouptweet not to retrospectively dump your entire DM history to the public timeline - but then I expect twitter to work all the time - ho hum.
this was the dailytwitter.
this is scary indeed.
Am I one of the only ones here that thinks this has nothing to do with Twitter? It appears it’s just an issue with Grouptweet and even then - it’s just that they need to work on the clarity of their communication. Grouptweet tells you to create new account credentials - it just needs to make it clearer. More of a usability issue I would say!
Mel - no, you’re not the only one. There are a bunch of other people who are wrong, too.
I think James has a valid point re the rush to grab a headline and traffic versus the need to report accurately the story - however in journalism the balance is never black and white - one has to make a call at some point to break the story based on the information to hand…
dt
Mike, Twitter is so totally overrated it is unbelievable, it has not even raised an iota of interest with mainstream folk.
Most tech guys are not at all representative of the broader technology users and need to get some of that perspective to make their comments more informed and relevant.
dailytwitter - a twitter user had her direct messages published, which I verified directly by reading them. One other user said it happened to him as well. That’s a story. I then spent an hour more digging into what could have been the cause, and updated. Not a correction, but an update with the likely reason behind this. Furthermore, the only way I could have gotten the information in the update in any timely fashion was by posting the initial facts, and taking user comments.
In social media journalism is built by consensus not by authority!
The same thing happened to me a few days ago, I just deleted my GroupTweet accounts. Also I think if you use the same password for multiple twitter accounts it gets worse.
I’m @waynesutton on twitter and I think GrouptTweet needs to be taken offline.
Senor Arrington, I am not criticising your approach, I think you did the right thing - which is to expose the inadequacies of the twitter application - although I do think user error in not reading the grouptweet blurb is a factor - I know this from experience
twitter are negligent in that they should not permit this kind of misuse of their API - had this happened to say erm 1938Media and @ShelIsrael I am sure we would be having a different conversation
dailytwitter
well I never used grouptweet so this is a good heads up not to use it. I wouldn’t put anything on twitter that I thought was private unless I wanted my privacy to be known. I feel everything on twitter can be found on google. just put twitter in front or behind anything you’re looking for and it comes up with twitter conversations.
Twitter problems, is it the api?
Ok, first things first, GroupTweet does not go into our directory.
Secondly, I don’t need to explain the frustration I have gone through this morning all because of unclear directions that were given. All my private information was revealed to all, which does not make anyone feel comfortable.
The original message is found here: http://farm3.static.flickr.com.....75c9_o.jpg
It does not specify if I must enter the group account or enter using my personal account, so I may then select which of my groups I would like to register.
I check websites on a daily basis, perhaps this is a good lesson for me regarding the private information I provide so quickly. But I have no doubt that Twitter were mistaken at providing access to ALL my private information. Especially, since this was an incident that happened before (See comment #18)
Moreover, I didn’t know that the problem occurred from the application I tried until I saw the name of the application within the comments.
Bear in mind that something such as this could happen to any of you, and posts like these could help prevent it from happening to you as well.
@44: That is definitely a great idea
wayne - great video comment.
@michaelarrington
I agree that Twitter should block API requests from GroupTweet once they were notified of the direct messages issue, but it seems that you’re implying that Twitter should protect users from themselves. I think the larger issue is that websites that require you to provide them with your username and password to a 2nd party should be more carefully examined before they’re used.
chowda - I agree somewhat. But there is always a cost benefit analysis when entering your credentials into another site. Is it your bank account? Then be very careful. But Twitter? The worst that could happen it seems to me is that they get access to the account, maybe make some posts, delete stuff, even change the password. All of that can be undone, and the risk of it happening is low. But having your direct messages made public? That’s something I would never have considered a possibility. And as I said above, I very easily could have made this mistake myself.
Who needs Soaps when we have TechCrunch!
@Mike
Yes, you can do group direct messaging through the twitter API, fairly easily.
Although not primarily aimed at group messaging, you can do so through http://twitplus.com which uses the twitter API.
@arrington - do you ever use your twitter account?
dt
Just goes to show that private on the Web isn’t private at all. Perhaps anyone who wants to send and receive private message should use old technology: the phone.
Yes, it’s a crazy concept but sometimes old has advantages over new.
Just repeating my comments
@Orli After reading it I can clearly see that the msg is confusing. I am sure it’s frustrating to find out that your private info is exposed. I think they should be more specific and tell the users exactly which user to put in: “the personal” one or “the group” one in order to register a group. If it counts for something it could have happened to me as well and I am glad I read it here so I will not make the same mistake. Information on the net is delicate and more companies should pay attention with the API tools they offer.
We’ve been testing GroupTweet as an intra-office communication tool successfully for a few days… so far so good.
HOWEVER, as with any new tool (Twitter, Facebook, etc.) you must ensure you FULLY understand how an app works before jumping in.
Setting up GroupTweet is really no different than setting up an email distribution list. We simply setup a group Twitter account, locked down the outgoing tweets and had the office folk request to follow. Once everyone’s approved, direct messages are used to send the messages since that’s the ONLY way to send a private message in Twitter. The message then appears as a normal Tweet, but only in the streams approved by the ‘group’ account.
I’d hate to see GroupTweet go away, because it appears to me that when used properly it has great potential. Twitter itself is confusing to newcomers, and has great risks associated with it (just ask anyone who’s sent a DM using ‘dm’ instead of ‘d’) - but that doesn’t make it dangerous. There’s just a learning curve. Same applies to GroupTweet.
dailytwitter - that is not my account. I’m @techcrunch
How about not using a half assed web messaging service to communicate privately. Maybe like send SMS, email, or like pick up a phone once in a while?
so.. what was the content in that DM?
The dependencies that we are now exercising with free tools such as twitter is no different than the usage of another IM tool, however the cross interaction between public and private timeline and the expatiating growth of twitter providing a full-fledged API without monitoring to what capacity 3rd party applications are implementing solutions.
Nevertheless Grouptweet probably just made a hiccup and did not realise that this would occur, they certainly need to make a public announcement about what’s gone wrong here and that they are rectifying the problem. Do they have a privacy policy?
And the fact that Aaron Forgue has yet to pick up on this and start twittering a public announcement is not helping the damage done. It simply needs to be addressed ASAP, the entire focus of GroupTweet is on private messaging. Damn this is just a mess for them
Hold on just one second.
If you hand over your username and password to a service, then you have to expect that service will have the exact same access privileges as you do. Twitter did not mess up in this instance. Even if twitter did not have an API then it would be possible to get this information with the username and password, so why should the API block it?
Having said all of this, it should be seriously obvious to twitter that they need to implement token based authentication with different access levels as soon as possible (similar to the system that flickr has in place when you use a third party application).
Whatever happened to caveat emptor? If you give your car keys to somebody and they steal your car then it would be your fault for handing over your car keys to somebody that you couldn’t trust; don’t blame the car for getting stolen.
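The privilege argument in the comment above (a shared password gives a third party exactly the owner's reach; scoped tokens would not), rendered as an added example that is not code from the post, from Twitter or from GroupTweet. It is a toy microblog in Python: a password login yields a session with every scope, a token login yields only the scopes the owner grants, a naive relay reposts the whole inbox the way the thread describes, and a hardened relay forwards only messages that arrive after enrolment and refuses to enrol at all without read access to direct messages. The scope names `status:post` and `dm:read`, the `Microblog`, `NaiveRelay` and `HardenedRelay` classes, and all account names and message texts are assumptions constructed for this example.

```python
"""Toy model of shared passwords versus scoped API tokens.

Constructed example, not Twitter's or GroupTweet's code: a minimal
microblog with direct messages, a naive relay that reposts a group
account's DMs publicly, and a hardened one.  Scope names are assumed.
"""
from collections import namedtuple
from dataclasses import dataclass, field

SCOPE_POST = "status:post"  # assumed scope: write to the public timeline
SCOPE_DM_READ = "dm:read"   # assumed scope: read direct messages
ALL_SCOPES = frozenset({SCOPE_POST, SCOPE_DM_READ})


@dataclass
class Account:
    name: str
    password: str
    timeline: list = field(default_factory=list)  # public posts
    inbox: list = field(default_factory=list)     # (id, sender, text) DMs received


Session = namedtuple("Session", "account scopes")  # what a caller may do


class Microblog:
    def __init__(self):
        self.accounts, self._next_id = {}, 1

    def login(self, name, password):
        """Password login: the holder inherits every privilege of the owner."""
        acct = self.accounts[name]
        if acct.password != password:
            raise PermissionError("bad credentials")
        return Session(acct, ALL_SCOPES)

    def issue_token(self, name, password, scopes):
        """Token login: the owner decides up front what a third party may do."""
        return Session(self.login(name, password).account, frozenset(scopes) & ALL_SCOPES)

    @staticmethod
    def _require(session, scope):
        if scope not in session.scopes:
            raise PermissionError(f"session lacks scope {scope}")

    def post(self, session, text):
        self._require(session, SCOPE_POST)
        session.account.timeline.append(text)

    def send_dm(self, session, to, text):
        self._require(session, SCOPE_POST)
        msg_id, self._next_id = self._next_id, self._next_id + 1
        self.accounts[to].inbox.append((msg_id, session.account.name, text))
        return msg_id

    def received_dms(self, session):
        self._require(session, SCOPE_DM_READ)
        return list(session.account.inbox)


class NaiveRelay:
    """Reposts every DM in the inbox, history included: the behaviour the
    comments describe once a personal account is enrolled by mistake."""
    def __init__(self, svc, session):
        self.svc, self.session = svc, session

    def relay(self):
        dms = self.svc.received_dms(self.session)
        for _, sender, text in dms:
            self.svc.post(self.session, f"{sender}: {text}")
        return len(dms)


class HardenedRelay:
    """Relays only messages that arrive after enrolment, so an existing
    history is never dumped; construction fails outright without dm:read."""
    def __init__(self, svc, session):
        self.svc, self.session = svc, session
        self.cutoff = max((m[0] for m in svc.received_dms(session)), default=0)

    def relay(self):
        new = [m for m in self.svc.received_dms(self.session) if m[0] > self.cutoff]
        for msg_id, sender, text in new:
            self.svc.post(self.session, f"{sender}: {text}")
            self.cutoff = msg_id
        return len(new)


def scenario(relay_cls, scopes=None):
    """Enrol a *personal* account (constructed data); return (DMs exposed, timeline)."""
    svc = Microblog()
    svc.accounts.update(orli=Account("orli", "orli-pw"), friend=Account("friend", "friend-pw"))
    friend, orli = svc.login("friend", "friend-pw"), svc.login("orli", "orli-pw")
    svc.send_dm(friend, "orli", "private: call me about the contract")  # pre-existing history
    session = orli if scopes is None else svc.issue_token("orli", "orli-pw", scopes)
    try:
        relay = relay_cls(svc, session)
        svc.send_dm(friend, "orli", "private: new message after enrolment")
        return relay.relay(), list(orli.account.timeline)
    except PermissionError:
        return 0, list(orli.account.timeline)  # scope check refused, nothing leaks
```

`scenario(NaiveRelay)` models the incident: the password grants the relay the owner's full reach and the whole inbox goes public. `scenario(HardenedRelay)` shows that a better-written relay limits the damage to messages received after enrolment but still exposes a new private message, because the problem is the privilege, not only the code. `scenario(HardenedRelay, [SCOPE_POST])` and `scenario(NaiveRelay, [SCOPE_POST])` show that a post-only token stops either relay at the first DM read, which is the access-level separation the commenter asks for.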
One of the lessons learned in this twitter example is that there are risks associated with making (and opening) an API for public consumption (or when opening an API to partners). As more companies (and it’s not only startups, enterprises are doing this, too) make info available via an API, they need to put biz rules and mgmt infrastructure in place to quickly make changes when issues like this happen. It’s similar to putting a firewall in front of your API to manage security, throttling, and even controlling multiple versions of an API.
@mashery
Michael,
Thank you for breaking this story (though it ruined my morning!). I’d love to make this right for everyone. Please contact me directly so we can sort this out.
I apologize to anyone and everyone who was affected. I will work my hardest to fix the situation.
Aaron
What can I say? It’s like plumbing, the more joints in the pipework, the more likelihood of a leak somewhere. I’m sure GroupTweet didn’t mean to cause problems to users, but with apps using Twitter’s API coming in thick and fast, it was bound to happen at some point…
Glad to see the team are doing their best to help, at least!
Doesn’t matter. We need twitter more than they need us
Yikes! Talk about a third party tool messing with your credibility.
Michael, are you now more agnostic in general on the proliferation of APIs around social media? Because many of them threaten privacy and freedom everywhere — FB, Twitter, whatever.
Your point at #67 is really the point everyone learns either by experience, or by starting out with more wariness. For example, all the SL third-party APIs require you to turn over your SL name and password. Why would you do that if you didn’t want someone to steal your inventory and your money? It’s just common sense. FB apps also *still* forcibly require you to sign up 20 of your friends which is not only about viral marketing but about scraping proximity data.
orli’s had issues with dm’ing for a while. last week she dm’d someone in a direct connect, I dm’d her to tell her to use the person’s username after the ‘d’ when using her phone.
seems to me this is a USER issue, not a twitter issue, unfortunate that a somewhat ‘high profile’ made the mistake, I mean, who the hell trusts an unknown third party with usernames AND passwords?
for as widely known as Orli is, and the go2web20 webjumble this does not mean that it is immediately the service and not the user. Orli should have known better. web2.0 is about being smart, not naïve.
Those accusing Mike of being a little too quick to break this story in the way he did do have a point.
In the original article, he said something like “if it’s happened to 1 or 2 users, it’s probably happened to many more”…
The very nature of Twitter means his network would have already alerted him if it really was a widespread security breach rather than just a couple of people misunderstanding a third-party site.
I only wish I had been able to read what she was so upset about. Must have been juicy. Maybe I’ll try googling it.
Hey all, I’ve updated the site by turning off registration for the time being. Please do not blame Orli for this. Users should never be blamed for ambiguous instructions. I should have done a better job of verifying that a non-personal account was registered.
Please folks, keep the heat on me, not on Orli.
My private messages have started showing up too (tho they’re not very private) and I’ve never used GroupTweet… I did however sign into twitter using twittearth the other day.
Gee, I hope no one finds out my secret identity! My loved ones would be in mortal danger!
I’m not going to bash Orli for this, but someone needs to get Aaron’s back here.
The service didn’t have a malfunction, a user or two DIDN’T READ THE INSTRUCTIONS.
So the app works perfectly if you do… I use it with my buddies and there’s a ton of stuff which I’m glad has never been leaked
I think there needs to be a Twitter section on TC.
Harry “that way we can ignore that section” Wang
Michael
Add me/Follow me
Ben, I’m having enough problems doing damage control with my service, not sure I can support twittearth as well….
It’s not Twitter’s “fault” nor is it a technical problem of Grouptweet. “Feeds” as the basis of data sync/migration/exchange/mash needs to be understood. If I forwarded my Gmail to an email address which is a Yahoo Group or Google Group, the email will get published, others will likely read it. I think few people will have done that by mistake, because we have learned what “email forwarding” means. Ask a normal user about the principles of an RSS feed and RSS read, I am sure many will get it wrong.
Does Twitter need to implement more group features and privacy settings? Honestly I think the success of Twitter lies in its brutal simplicity. That makes it an ecosystem, that makes it so interesting for all 3rd party services. And we are just learning to use that kind of microblogging, just as we did before with email, forums, blogs etc. Orli’s experience will help us understand what we do.
P.E.B.C.A.K.
Seems to me that some people forgot that entrusting very personal comments and information into the internet is usually a bad move as they could end up being public one way or another. But seriously, why not just use something like say, a stable IM client or an e-mail or maybe a phone?
Twitter could have moved to block the GroupTweet app once it figured it out, but this isn’t a case of a bug or malicious intent, it’s simply a miscommunication between users and the developer of the 3rd party app.
This is probably the best example of people not reading or assuming too much about what they are doing online, for today.
Remember kids, read before you surf, cause if you start assuming things, well, you know. And if you don’t know, ask your mother.
Thanks for the information and the updates on it !
I’m afraid that even with deleting the message on twitter, the case isn’t closed.
What happens if you use friendfeed, lifestream or another aggregator ? a message deleted from twitter does it gets deleted over there as well ?
I’m afraid not; not immediately anyway (earlier this month I deleted a message with a fault and found it bad afterwards in one of those services, I don’t recall which one, a minute or so later…)
Yawn.
So the girl gave her twitter password to a random 3rd party service and this service disclosed her private twitter info… well, we can’t say she didn’t have it coming…
Wait, people actually *are used* to giving their credentials away to anyone, just like Robert Scoble did to Plaxo and got his account on Facebook cancelled… nevermind, people are stupid by default, I keep forgetting it.
Well, this whole issue is hilarious though it does point out some interesting things…
Posted some comments on my blog
just another web2tard that shot herself in the foot, real news please
I’ve just updated my thoughts on my blog here:
http://marketing-seo.com/twitt.....-apps.html
For those of you who don’t think Twitter is partly to blame in all this? why not? Surely one of the business rules they’ve got to lock in is that DM’s are private timeline events and shouldn’t be able to enter the public timeline - why do they have a function in their API that publishes DM’s? Let’s think about this for a sec.
* If you think the API is 100% open, you’re kidding yourself… you can’t edit messages, you can’t post to another users account (without their password), these are business rules Twitter has in place to keep sanity, I take it you don’t have a problem with those?
* Why not just allow the sending of DM’s via the API and not receiving (i.e. not exposing a private timeline to the API)? Instead of the API pushing out entire DM’s it could still give a notification ‘You have a new DM from @martyj’ etc. (which is what you’d receive in 3rd party apps such as Twhirl), Twitter would still forward the DM to you via email, it would still send it to your phone and in your private timeline (none of that uses 3rd parties)… wher