Twitter logo on smartphone screen showing exposed private tweets from Twitter Circle

Twitter Circle Exposed Private Tweets to Non-Followers in April

Twitter has confirmed that the Twitter Circle feature was glitched for roughly several weeks starting in early April, and was exposing some private tweets to non-followers. Users of the feature noted the issue after unauthorized Twitter accounts were seen interacting with tweets that they should not have been able to access.

The private tweets that were supposed to be restricted to authorized Twitter Circle users were able to make their way into the “For You” tab of others during this period, including non-followers.

Some Twitter Circle users had sensitive information exposed

Twitter Circle debuted in August 2022, allowing users to create one private “circle” of authorized followers that are the only recipients of specific tweets. It appeared to work as intended until at least the first weekend of April 2023, when these private tweets suddenly began making their way into the “For You” feed of the general public.

Twitter Circle is most commonly used as something like a private Discord within the platform for more private exchanges, but some users have adopted it as a means of selling subscription-based content, particularly those that produce adult content. Some users also report their own sensitive materials of this nature, meant exclusively for friends or partners, making their way to the general Twittersphere.

Though it was readily apparent that Twitter Circle containment had been broken, it took roughly a month to confirm the breach given the platform’s Elon Musk-era policy of responding to all media inquiries with an automated poo emoji. Musk and his team did not provide an explanation as to how the private tweets got into general circulation, but there has been widespread speculation that it was an unintended consequence of an April 7 update to the recommendations algorithm. That update is thought to have changed how interactions and replies boost tweet visibility.

A company statement said that Twitter has thoroughly investigated the issue to understand how it happened and has addressed it, though it does not appear that further details about what went wrong are forthcoming.

Private tweets exposed during extended string of Twitter glitches

The issues with Twitter Circle and the exposed private tweets are another entry in a string of mishaps for the platform. Almost immediately after taking over to start off November 2022, Musk began slashing the company’s workforce. As of early April 2023 he told BBC reporters that about 80% of the total workforce, or 6,000 people, had been removed. Musk’s perspective is that the deep cuts were necessary to right the company’s financial ship, with it having a negative cash flow of some $3 billion when he took over. Though ad revenue is projected by a number of sources to be down by at least 20% in 2023, Musk says that the company is now breaking even and that there has been a renewed surge of advertiser interest.

With these deep cuts not sparing the engineering department, there was all but a guarantee that the platform would experience technical difficulties going forward. The extent to which it has become “unusable” is generally in the eye of the beholder and oriented to their political views to at least some degree, but it is inarguable that there has been a chain of technical issues since Musk took over. Paired with the new policy of an extreme lack of communication with the media, users are often left to speculate about updates and tweaks to the system inducing faults such as the one that exposed private tweets.

In early March there was a site-wide outage that impacted some users, treating regular accounts as if they were developers and redirecting them to a page to upgrade their API access. There was another outage in early February that impacted many site users, preventing them from viewing their timelines and sending tweets and DMs. Short outages like these have become fairly common, tend to come during periods in which site code is being updated, but also tend to be resolved fairly quickly.

Sometimes the bugs are to the benefit of users, much better than having their Twitter Circle exposed to the public at least. In early May, a glitch emerged that allowed legacy “blue check” holders to recover that status without paying for the now-mandatory subscription. The reappearance of former blue checks appeared to be triggered by typing certain trigger phrases, such as “former blue check,” into the bio text field. However, the check turned out to not be visible to other users and would disappear when the user refreshed their profile. While hardly a security issue on the level of private tweets going public, this chain of odd glitches has users rightfully concerned about overall platform security and stability.