Twitter confirmed a security flaw that caused Circle tweets — posts only sent to a small subset of trusted friends — to appear publicly. TechDigiPro reported the flaw in early April, but the platform confirmed the issue today in an email sent to Twitter Circle users.
“In April 2023, a security incident may have allowed users outside of your Twitter Circle to see tweets that otherwise should have been limited to the Circle you were posting to,” the email said. Twitter claims that the bug has now been fixed and that the team knows what caused it.
Twitter Circle has been buggy for months now, which is worrisome for a feature that people use to tweet things they don’t want to share with all their followers. When we reported the issue last month, numerous users had been tweeting about people outside of their Circle liking their private tweets; one user even said that he posted nude photos on the Circle of him, which slipped through the cracks and surfaced for unwanted eyes.
More often than not, it seemed that Circle’s tweets appeared in the For You timeline for users who were following the sign, but were not in their Circle. Others reported that their Circle tweets were reaching even further than those who follow them.
Privacy violations aside, some Circle tweets are still displayed without the green banner indicating they are only visible to a selected audience. You can tell that these tweets are not public because the retweet button will be greyed out. These tweets still only reach their intended circles, so it’s not necessarily a privacy issue, but it can be a confusing user experience (personally, I’ve gotten a few messages from friends who were shocked that I was tweeting so openly about in what neighborhood I live). en — I had to assure them that despite the absence of the green banner, the post was private). TechDigiPro first reported on that particular glitch back in February, and it has yet to be fixed.
At times like these, I am reminded of something former Twitter Director of Trust and Safety Yoel Roth said shortly after leaving the company.
“If the protected tweets stop working, run, because that is a sign that something is seriously wrong.”
