Private tweets of certain Android users remained exposed for five years due to a bug. The bug activated when users change the email address associated with their accounts. Although the issue has now been resolved, it could disable "Protect your Tweets" functionality upon making certain account changes on Android phones. However, Twitter's iOS and desktop users were not impacted by the issue. "Protect your Tweets" option has already been turned back on for those who were impacted by the bug. Affected users have also been made aware of the bug.
"Protect your Tweets" option was disabled for select users between the period 3rd November 2014 and 14th January 2019. The bug got activated after users who were impacted by the bug made certain changes to their Twitter's account settings such as changing the email address linked to their Twitter account. Twitter fixed the issue on January 14. However, Twitter did not reveal when it discovered the bug or how.
"People on iOS or the web were not impacted. We fixed the issue on January 14, and we'll provide updates if other important information becomes available," Twitter said on its Help page.
"We encourage you to review your privacy settings to ensure that your Protect your Tweets' setting reflects your preferences," said Twitter
Twitter apologised and advised users to change their password. Twitter also wants users to review their account's privacy settings only to make sure that "Protect your Tweets" option reflects their preferences. In May last year, Twitter had asked 336 million users to use a new password after a bug was discovered, storing plain text passwords in an internal system.
In September last year, another bug was discovered in Twitter's platform for third-party app developers. The bug ended up exposing Direct Messages (DMs) from nearly 3 million users. The was activated from May 2017 until the point where Twitter managed to fix it. Privacy regulators in Ireland are also probing Twitter over data collection in its link-shortening system.