Grouptweet
GroupTweet Back Online, Promises No More Privacy Slip Ups
by Michael Arrington on April 29, 2008

GroupTweet is a service that lets users send private Twitter messages to a group of other users. It works great, unless you screw up and accidentally enter your normal Twitter credentials into the site instead of the credentials for a new Twitter account you create for the service.

If you accidentally put in your normal Twitter credentials, the service took all of your private direct messages on Twitter and published them. Twitter user Orli Yakuel and others found this glitch the hard way, and suffered major embarrassment.

After we reported on this on April 23, GroupTweet creator Aaron Forgue shut the service down. Today he relaunched the service with a number of changes that he says will stop this from happening again.

First of all, he disabled all existing accounts. He updated the instructions to be clearer. And he also set up the service so that only brand new Twitter accounts can be used – so if you still accidentally put in your normal account, it will detect it and show an error. Finally, the service now only retrieves messages for one day.

Assuming all of these new features work properly, GroupTweet is likely safe to use even for the most careless of users.

Privacy Disaster At Twitter: Direct Messages Exposed (Update: GroupTweet Is Likely Culprit)
by Michael Arrington on April 23, 2008

Twitter user Orli Yakuel, with 650 followers, had a nasty surprise this morning – her direct messages (private messages between two Twitter users) showed up in her normal Twitter stream (and were subsequently published to her FriendFeed account). Friends messaged her to tell her about the embarrassing issue.

At first she tried to delete the private messages and posted the notice above, but she then simply deleted her entire Twitter account (it was here). I saw it before deletion, however, and it clearly contained very private messages, exposed to anyone who went to her page. One user messaged her that it had happened to him as well, but I have not verified it personally.

We’re seeing an increasing trend of privacy issues pop up around new web applications and all this distributed data.

It’s the middle of the night, so I’m not going to get a response from Twitter on this until morning. If you want to delete private messages, click on the Direct Messages link in Twitter on the right sidebar area. You have to delete them one at a time.

Orli’s blog is here, and she also created the Web 2.0 Directory website.

Update: It looks like this is a problem caused by GroupTweet, a newish third party Twitter application that allows users to direct message a lot of people at once. Orli says that she tested the application earlier today, and a number of commenters are pointing out that it may be the problem. GroupTweet requires you to create a new Twitter account to use with the service, and tell it the credentials for the account. But if you accidentally enter your primary account credentials instead, it will expose your direct messages to the public. This is not a Twitter API issue as far as I can tell; it’s a problem with the fact that GroupTweet is confusing and if you make a mistake, your direct messages are made public. This is particularly an issue for non-native English users when using it. I could have very easily made this mistake when testing the application.

Update 2: New registrations for GroupTweet are being disabled by the founder “until this is sorted out.”
