felipc | 5 years ago

The thing that boggles my mind is that the only affected users are:

(a) - Firefox users &&

(b) - who downloaded their messaging history on a buried menu option in the account page &&

(c) - in the last 7 days prior to disclosure &&

(d) - who did this on a computer where someone else has access

The number of affected people is presumably very small, and the only metric that Twitter can't know here is (d). How on earth does it make sense to alert every Firefox user with a scary wall of text? Don't they have logs to cross-reference (a), (b) and (c) and e-mail these users?

I'd believe that if there's only one API endpoint that would be crucial to log to protect against major leaks, it would be this one to download all your history at once...

detaro|5 years ago

Re (b): Twitter says "took actions like downloading your Twitter data archive or sending or receiving media via Direct Message," so it isn't just downloading the archive, and to me "actions like" suggests there might be more than the ones named here explicitly. And they might not be able to tell who did it for all these things.

I also didn't see any notice, but I don't know if I missed it, my adblocker ate it, or if they actually did only inform users that did one of the at-risk things and I happened to not do so.