UPDATED 22:02 EDT / SEPTEMBER 23 2018


Twitter bug exposed private messages to outside developers

Twitter Inc. has patched a vulnerability in one of its application programming interfaces that gave third parties access to direct messages and protected tweets.

The so-called bug was discovered in Twitter’s Account Activity API, where it was introduced in May 2017. The API allows registered developers to build tools that assist businesses in communicating with customers, including the ability to access information from other accounts in real time.

The error was that although Twitter intended users of the API to access information about accounts, it also allowed anyone with access to the Account Activity API (AAAPI) to access private messages sent to others.

“If you interacted with an account or business on Twitter that relied on a developer using the AAAPI to provide their services, the bug may have caused some of these interactions to be unintentionally sent to another registered developer,” Twitter said in a statement Friday. “In some cases, this may have included certain Direct Messages or protected Tweets, for example, a Direct Message with an airline that had authorized an AAAPI developer.”

Twitter downplayed any serious consequences from what is a privacy breach by noting that the AAAPI bug affected less than 1 percent of users. What isn’t clear, given how long the bug existed, is whether anyone actively exploited it.

Users Twitter believes may have had their private communications compromised are being contacted directly. “We’re very sorry this happened,” Twitter noted. “We recognize and appreciate the trust you place in us, and are committed to earning that trust every day.”

The news comes as Twitter has banned Hollywood actor James Woods from the platform for the crime of sharing a satirical meme.

The meme, which jokingly suggested that woke men shouldn’t vote in the forthcoming U.S. midterm elections because it was sexist to do so and women should be allowed to vote alone, was deemed to be election meddling by Twitter.

Image: amboo213/Flickr
