A bug that affected Twitter uses from May 2017 to September 10th of 2018 could have resulted in certain Direct Messages or protected tweets getting sent to developers who were not part of the conversation. The bug was found in Twitter's Account Activity API (AAAPI), which is used by companies to improve their communications with customers on the platform. Those affected had sent direct messages to companies that used a developer to run their Twitter account for customers. If this developer employed Twitter's Account Activity API (AAAPI), the subscriber could have been victimized by the bug.
Twitter says that it exterminated the bug within hours of discovering it on September 10th. The good news is that the issue affected less than 1% of Twitter users. While we're not sure that Twitter should consider this good news, the company says that any party that received a duplicate DM was a developer registered with Twitter.
"If you interacted with an account or business on Twitter that relied on a developer using the AAAPI to provide their services, the bug may have caused some of these interactions to be unintentionally sent to another registered developer. In some cases this may have included certain Direct Messages or protected Tweets, for example a Direct Message with an airline that had authorized an AAAPI developer. Similarly, if your business authorized a developer using the AAAPI to access your account, the bug may have impacted your activity data in error."-Twitter
Those subscribers who were affected by the bug will receive a message from Twitter inside the app, and on Twitter.com. The company is also contacting developers that received DMs not meant for their eyes, to make sure that the duplicate and errant messages were discarded by them. Meanwhile, Twitter says that it is continuing to investigate the matter.