The security and privacy issues with APIs and third-party app developers are something that’s not just Facebook is dealing with.
A bug in Twitter’s API inadvertently exposed some users’ direct messages (DMs) and protected tweets to unauthorized third-party app developers who weren’t supposed to get them, Twitter disclosed in its Developer Blog on Friday.
Twitter found a bug in its Account Activity API (AAAPI), which is used by registered developers to build tools to support business communications with their customers, and the bug could have exposed those customers’ interactions
The Twitter AAAPI bug was present for more than a year—from May 2017 until September 10—when the microblogging platform discovered the issue and patched it “within hours of discovering it.”
In other words, the bug was active on the platform for almost 16 months.
What Can Affected Users Do?
Nothing. Yes, you really can’t do anything about your data which has already been gone into wrong hands.