Twitter bug exposed private tweets of some Android users for five years

The bug occurred when users made changes to their settings, including updating their email address.

A bug that has plagued Twitter since 2014 exposed the tweets of some Android users that were intended to be private. Twitter first disclosed the issue on its Help Center today after apparently fixing the issue on January 14th. The bug didn't affect people using Twitter on iOS or desktop.

According to Twitter, the problem occurred when people using the Twitter for Android app attempted to change settings on their account, including updating their email address. After making those changes, Twitter would disable the "Protect your Tweets" setting if it was enabled on the account. The issue affected Android users who made changes to their account between November 3rd, 2014 and January 14th, 2019. Twitter said it has reached out to users who it knows has been affected by the bug, but the company recommends users who want to keep their tweets private double-check their settings to make sure the "Protect your Tweets" is enabled.

Twitter is already facing heat from Ireland's Data Protection Commission for failing to fulfill a request to provide tracking data collected through the company's link shortening service Last year, the security researchers also discovered a way to post unauthorized tweets via text messaging in the UK. It's unclear if the company will face similar scrutiny for these security flaws.