DMs longer than 140 chars sent via “d username” on UberSocial for Blackberry/iPhone & Twidroyd are currently visible publicly.
The proper parties have been notified and a fix is in the works.
We’re working w/the dev to bring the apps into compliance w/our privacy policies; meanwhile, please be aware of this vulnerability
The two companies have been at odds before, in fact only a few weeks ago Twitter cut off UberTwitter from its API access and forced a name change of the company. Bill Gross of UberTwitter explains why Twitter blocked its app, stating:
” Twitter said that in UberTwitter and Twidroyd we use a tweet-elongation service named tmi.me that allows people to write more than 140 characters, and that this service may post private messages on a public website. At their request, we have removed this ability.”
Just an educated guess, but this is just the beginning of this story.