A bug that affected Twitter uses from May 2017 to September 10th of 2018 could have resulted in certain Direct Messages or protected tweets getting sent to developers who were not part of the conversation. The bug was found in Twitter's Account Activity API (AAAPI), which is used by companies to improve their communications with customers on the platform. Those affected had sent direct messages to companies that used a developer to run their Twitter account for customers. If this developer employed Twitter's Account Activity API (AAAPI), the subscriber could have been victimized by the bug.
Twitter says that it exterminated the bug within hours of discovering it on September 10th. The good news is that the issue affected less than 1% of Twitter users. While we're not sure that Twitter should consider this good news, the company says that any party that received a duplicate DM was a developer registered with Twitter.
Those subscribers who were affected by the bug will receive a message from Twitter inside the app, and on Twitter.com. The company is also contacting developers that received DMs not meant for their eyes, to make sure that the duplicate and errant messages were discarded by them. Meanwhile, Twitter says that it is continuing to investigate the matter.