Twitter is warning users of the popular UberSocial Twitter-messaging software that direct messages they send may not be private.
Neither company is providing compete details of the problem, but in a series of messages Thursday from Twitter’s online safety account, Twitter said that longer direct messages sent via the company’s UberSocial and Twidroyd software are not private. The issue affects direct messages longer than 140 characters sent using the “d username” command, Twitter said.
Users on BlackBerry, iPhone and Android devices are affected. Twitter said it was working with UberSocial to bring the applications “into compliance” with its “privacy policies.” Meanwhile, it said, “please be aware of this vulnerability.”
UberSocial did not return messages seeking comment. The company claims to have millions of users and boasts more than 2,800,000 Twitter followers. Until it changed its name last month, the company was known as UberTwitter.
Last month, Twitter suspended UberSocial’s use of the Twitter API in connection with a similar problem. “Twitter said that in UberTwitter and Twidroyd we use a tweet-elongation service named Tmi.me that allows people to write more than 140 characters, and that this service may post private messages on a public website,” wrote UberSocial founder Bill Gross in a Feb. 18 note. At the time, UberSocial removed the message-elongation feature, he said.
Tmi.me is used by UberSocial, according to the Tmi.me website.
Twitter was also unhappy with the UberTwitter name, prompting the company to call itself UberSocial instead, Gross said.
Robert McMillan covers computer security and general technology breaking news for The IDG News Service. Follow Robert on Twitter at @bobmcmillan. Robert’s e-mail address is robert_mcmillan@idg.com