A security bug in Twitter exposed private tweets of users to the public. The flaw only affected Android users of the Twitter app while iPhone users were not affected.
According to Twitter, private tweets of users from November 3, 2014, to January 14, 2019, were exposed. Although the company did not say how many people were affected by the bug, Direct messages (DMs), a feature that let you send your contacts private notes were not exposed.
The flaw occurred after Twitter for Android app disabled the “Protect your Tweets” feature after certain account changes were made.
“You may have been impacted by this issue if you had protected Tweets turned on in your settings, used Twitter for Android, and made certain changes to account settings such as changing the email address associated with your account between November 3, 2014, and January 14, 2019, “Twitter said in a statement.
Twitter has already informed users who were affected by the bug and “Protect your Tweets” feature has also been enabled in case it was disabled. For those who are unaware of “Protect your Tweets,” it is a feature which is available to users who make their Twitter account private and only current followers can see what they tweet. With the feature, users can manually approve and select who is able to see their Tweets.
This is not the first time when a bug has hit Twitter. Last year in March, a bug stored Twitter user passwords on an unprotected internal log in plain text format. In the recent case, at least user passwords or email addresses were not exposed.
However, Twitter is now among social media giants like Google+ and Facebook who have been hit by multiple bugs lately. One of the bugs even forced Google to announce shutting down Google+ in August 2019.