Twitter user Orli Yakuel, with 650 followers, had a nasty surprise this morning – her direct messages (private messages between two Twitter users) showed up in her normal Twitter stream (and were subsequently published to her FriendFeed account). Friends messaged her to tell her about the embarrassing issue.
In a subsequent update, the culprit was identified:
It looks like this is a problem caused by GroupTweet, a newish third party Twitter application that allows users to direct message a lot of people at once. Orli says that she tested the application earlier today, and a number of commenters are pointing out that it may be the problem. GroupTweet requires you to create a new Twitter account to use with the service, and tell it the credentials for the account. But if you accidentally enter your primary account credentials instead, it will expose your direct messages to the public. This is not a Twitter API issue as far as I can tell, it’s a problem with the fact that GroupTweet is confusing and if you make a mistake, your direct messages are made public. This is particularly an issue for non-native English users when using it. I could have very easily made this mistake when testing the application.
TechCrunch claims that the guy who wrote GroupTweet has disabled sign-ups for the time being, but I can find no mention of that on the site.