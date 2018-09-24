WHEN YOU WHINE at a business on Twitter, you assume that your self-important whinges are between you - terribly hard-done-by patron - and the bored customer service rep quietly judging you on the other end of the DM. That, it turns out, may not be the case: a bug in the API means that said customer service rep might not be the only one that knows you're an entitled brat.

Twitter has revealed that a bug in the Account Activity API could allow private messages sent to businesses between May 2017 and 10 September 2018 to have been accidentally cc'd to the developer of the business' chosen platform.

Twitter's apologetic noises initially sound quite reassuring, until you read between the lines. Yes, the bug was fixed "within hours" of discovery, but when the exploit wasn't found for 16 months that's not a great deal of consolation. And sure, the bug affected less than 1 per cent of people on Twitter, but with a user base of 68 million, that could still mean anywhere between one and 680,000 people.

The good news is if your data did leak, it would have only leaked to a registered developer, and there probably wasn't too much information that could do some serious harm. You really shouldn't be putting your full bank account, CVV number, mother's maiden name and two forms of ID into Twitter DM, no matter how well you think you know the person you're messaging.

Still, for full disclosure ahead of any potential leaks, we can reveal that we moaned to three businesses via Twitter DM during the affected dates: ParcelForce, UKMail and Just Eat. Unless anyone is interested in the edge-of-your-seat drama of an unsatisfying pizza delivery last September, hackers are probably best off looking elsewhere for juicy leaks. µ