Today, Twitter disclosed a bug persisting from 2014 on its platform that affected protected tweets and accounts on Android. The company said the bug – active between November 2014 and January 2019 – switched off the “Turn your tweets private” option when users made changes to their account, like updating the email address associated with their account.
That means private tweets from your protected accounts were not actually private after you turned on the necessary setting in the Android app. The company said it has now fixed the issue. Luckily, people using the iOS app and site were not affected.
Twitter apologized for the issue said that it has informed the affected people:
We’re very sorry this happened and we’re conducting a full review to help prevent this from happening again. We’ve informed people we know were affected by this issue and have turned “Protect your Tweets” back on for them if it was disabled. We are providing this broader notice through the Twitter Help Center since we can’t confirm every account that may have been impacted.
It’s baffling that such an egregious bug went unnoticed by the company for more than four years. Good thing it didn’t involve any data more sensitive than private tweets.