Twitter bug revealed private tweets for some Android users for almost five years

Some Twitter for Android users had their private tweets exposed to non-followers and search engines.

Social media network Twitter revealed today that it fixed a bug that affected users of its Android app. The bug accidentally changed the visibility of protected tweets from private to public, the company said.

The issue didn't impact all users. According to Twitter, only the following users were possibly affected:

  • Used the Twitter for Android app
  • Had the "Protect your Tweets" option enabled
  • Changed their account email address between November 3, 2014, and January 14, 2019

The bug also didn't impact users of their Web or iOS clients, although, if members changed their account's email address from an Android client, and then used other clients, they might also be affected.

The social network didn't reveal how it found the bug, but said that it already notified all users who it believes were impacted, and also reset the "Protect your Tweets" option to its original setting, hiding those people's tweets from non-followers, non-registered users, and search engines.

The company also published today a Help Center page about the bug because its engineers couldn't identify and confirm every account that was impacted in the past five years.

"We recognize and appreciate the trust you place in us, and are committed to earning that trust every day. We're very sorry this happened and we're conducting a full review to help prevent this from happening again," the company said.

In September 2018, Twitter was impacted by another bug, affecting its Account Activity API (AAAPI), which sent some users' private messages to the wrong Twitter app developers.

Twitter users can double-check the status of the "Protect your Tweets" option in the Twitter account settings panel, under the "Privacy and safety" option.

Protected tweets setting

More tech coverage: