Direct messages are supposed to be private, but thanks to a Twitter bug, some apps can bust open your account and start accessing them anyway. Cesar Cerrudo, a security researcher, discovered a bug that allowed third-party applications to access his DMs. Unfortunately, he didn't give the name of the app and blacked out a screenshot proving his privacy was violated. Cerrudo, chief technical officer for IOActive, wrote that he is usually reluctant to sign in to applications using his Twitter or Facebook accounts due to "security implications," but needed to in order to test the software . . .
Twitter: Beware the App Bug
From The Daily Dot: