Direct messages sent through Twitter can be easily exposed thanks to a loophole in Twitter’s API, Gary-Adam Shannon at Search Engine Watch reports.
When a user logs in to a site using their Twitter username and password, the site can gain access to that user's private messages, says Shannon. He breaks it down on a very technical level, but essentially it’s just a small hack.
Shannon recommends you don’t ever log in to a site (other than Twitter.com, obviously) using your Twitter username/password. Another writer at Search Engine Watch recommends users just erase their DMs.
We’ve reached out for comment from Twitter, but haven’t heard back. If the company has anything productive to say we’ll update this.
In the meantime, be careful about using your Twitter login on untrusted sites.