

A recent report has uncovered a security loophole in Twitter, concerning users’ private direct messages (DMs). It’s one that can potentially give web developers easy access to private information exchanged between two individual users.
After numerous concerns about privacy breaches in the Twitter API, the pessimists have been proven right. Twitter has not yet responded to any questions, and the subject is highlighted even further by a very recent JavaScript-related attack the social network underwent.
“The Twitter API can be exploited quite easily and let anyone [with access to website code] gain access to your direct messages.”
“The access can be granted when a user logs into Twitter or a site (such as a blog) that uses Twitter and requires your Twitter user name and password.”
The combination of an easily exploitable API and list-harvesting ambitions is the dread of every social network and its users. After multiple serious vulnerabilities were exposed so close together, one would assume that the Twitter workforce has its attention elsewhere, such as on developing its advertisement features.
Like Twitter, another social-networking giant, LinkedIn, recently fended off its biggest spam attack so far, as reported in this post. The timing of this attack, combined with Twitter’s recent blows, may not only indicate the potential mass of vulnerabilities and weaknesses that these networks, and perhaps even others, are beginning to let slip, but also hint at a potential connection between the incidents.