According to Twitter, the problem occurred when people using the Twitter for Android app attempted to change settings on their account, including updating their email address. After making those changes, Twitter would disable the "Protect your Tweets" setting if it was enabled on the account. The issue affected Android users who made changes to their account between November 3rd, 2014 and January 14th, 2019. Twitter said it has reached out to users who it knows has been affected by the bug, but the company recommends users who want to keep their tweets private double-check their settings to make sure the "Protect your Tweets" is enabled.
Twitter is already facing heat from Ireland's Data Protection Commission for failing to fulfill a request to provide tracking data collected through the company's link shortening service t.co. Last year, the security researchers also discovered a way to post unauthorized tweets via text messaging in the UK. It's unclear if the company will face similar scrutiny for these security flaws.