UberSocial fixes direct-message privacy bug

The direct-message flaw affected a very small number of users, the company says

UberSocial has fixed a bug in its Twitter software for mobile phones that put some users' privacy at risk.

The flaw made direct messages public for a small number of users who may have used the company's UberSocial and Twidroyd software in a very specific way, said Steve Chadima, chief marketing officer with UberMedia, the company that develops UberSocial. Users who typed "d username" and then sent direct messages longer than 140 characters could have had their messages viewed by anyone. Users who send direct messages using UberSocial's default @username syntax were not affected, he said in an e-mail interview.

The flaw was fixed on UberSocial's back-end servers late Thursday, Chadima said.

UberSocial, formerly known as UberTwitter, fixed a similar problem about a month ago, but the company's developers didn't realize that it could be a problem if people typed "d username."

"[N]o one thought of these rarely used conventions like 'd username,'" Chadima said. These are "used almost exclusively by SMS tweeters, not those tweeting from apps that have buttons you can click or tap on to generate a direct message."

"There are so few users that this actually affects that we hadn't caught this until Twitter pointed it out," he said.

Twitter warned users of the problem Thursday with a pair of messages from its @Safety account.

UberSocial says that millions of people have downloaded its software, which runs on the iPhone, BlackBerry and Android phones.

Robert McMillan covers computer security and general technology breaking news for The IDG News Service. Follow Robert on Twitter at @bobmcmillan. Robert's e-mail address is robert_mcmillan@idg.com

This story, "UberSocial fixes direct-message privacy bug" was originally published by IDG News Service .

Editors' Picks
Join the discussion
Be the first to comment on this article. Our Commenting Policies