Twitter confirms Circle bug leaking private tweets to unwanted users

Almost a month after the incident involving a leak in its Circle feature, Twitter finally admitted the issue to its customers, saying it was “immediately fixed.”

 Twitter started the test for Circle in 2022. This feature should allow users to create posts for a specific group of people they curated. Somehow, this allowed individuals on the platform to share sensitive posts, opinions, and photos only with people they trust. However, different users on the platform started reporting in April that their supposedly Circle-exclusive posts could also be viewed by others.

The issue was first noticed in certain posts that disappeared when clicked (while some claimed other users not included in a Circle had managed to like the posts) and couldn’t be shared despite being public. What’s more, users reported that their private Circle posts were also seen being suggested to others outside their Circles through the platform’s For You timeline. Many started warning others about the issue, stressing its danger for people using the feature to post sensitive views, comments, and photos.

“I made a Twitter Circle with one person in it and posted this tweet for science,” a user named Ian Coldwater shared the experience. “This was the result. Two people I don’t follow saw the tweet & liked it. One of those people doesn’t follow me either. Twitter Circles aren’t private. Don’t post anything you want private in them.”

The issue was brought to the attention of Twitter. However, given the company’s public relations office was laid off, the only response the media received was a poo emoji. The blue bird company is now addressing the issue by sending an email to affected users.

“A security incident that occurred earlier this year,” the email reads, “may have allowed users outside of your Twitter Circle to see tweets that should have otherwise been limited to the Circle to which you were posting.”

According to Twitter, the bug “was identified by our security team and immediately fixed so that these tweets were no longer visible outside of your Circle.” No specifics were shared on how widespread the issue was or how many users were affected. Yet, the company stressed that “Twitter is committed to protecting the privacy of the people who use our service, and we understand the risks that an incident like this can introduce and we deeply regret this happened.”

This is not the first issue on Twitter where privacy is a concern. To recall, a whistleblower in January claimed that the company was violating privacy and data security protections. According to a complaint last year before Elon Musk’s takeover, employees could access an internal function called “GodMode” that would allow them to access and make posts using users’ private accounts. Also, despite the recent email addressing the Circle bug, as The Guardian noted, the company still hasn’t addressed the issue of reports involving private account tweet leaks to unapproved followers. Surprisingly, despite these privacy issues, Musk made budget cuts and laid off a lot of the company workers, including those in the privacy teams. This led to an investigation the Federal Trade Commission wanted to elevate, hoping to scrutinize Twitter’s capability to protect user privacy after Musk’s significant decisions and resignations of three top executives for privacy, security, and compliance. Then, the Circle bug happened in April, which only made Twitter’s ability to offer solid privacy for users more questionable.