Twitter confirmed that a security error that made Circle tweets -- posts that only go out to a small subset of trusted friends -- surface publicly. TechCrunch reported the glitch in early April, but the platform confirmed the issue today in an email sent to Twitter Circle users.
"In April 2023, a security incident may have allowed users outside of your Twitter Circle to see tweets that should have otherwise been limited to the Circle to which you were posting," the email said. Twitter claims that the bug has now been fixed, and that the team knows what caused it.
Twitter Circle has been buggy for months, which is concerning for a feature that people use to tweet things they don't want to share with all of their followers. When we reported on the issue last month, numerous users had been tweeting that people outside of their Circle were liking their private tweets; one user even said that she posted nude photos on her Circle, which slipped through the cracks and surfaced for unintended eyes.
Most often, it seemed that Circle tweets were being surfaced in the For You timeline to users who follow the poster, but were not in their Circle. Others reported that their Circle tweets were reaching even further than those who follow them.
Privacy breaches aside, some Circle tweets still are showing up without the green banner that indicates they’re only visible to a select audience. You can tell that these tweets aren't public because the retweet button will be greyed out. These tweets still are only reaching their intended Circles, so it's not necessarily a privacy issue, but it can be a confusing user experience (personally, I have fielded a few messages from friends who were surprised I was tweeting so openly about which neighborhood I live in -- I had to reassure them that despite the absence of the green banner, the post was private). TechCrunch first reported on that particular glitch in February, and it still has not been fixed.
In moments like these, I remember something that former Twitter Trust & Safety head Yoel Roth said shortly after leaving the company.
“If protected tweets stop working, run, because that’s a symptom that something is deeply wrong.”