If you use Twitter on an Android device and have your tweets set to private, you’d better check that the setting is still activated.
Twitter said on Thursday, January 17 that it recently fixed a four-year-old bug that exposed the protected tweets of some Android users. People using Twitter on iOS devices or the web were not impacted.
The bug somehow turned off protected tweets, a privacy setting that’s designed to hide posts from public view, with only selected users given access. Twitter said that the “protect your tweets” setting appeared to turn off “if certain account changes were made.” Examples included “changing the email address associated with your account between November 3, 2014, and January 14, 2019.”
In a special post added to its Help Center section, Twitter said it had already contacted those who had been affected by the bug, though it admitted it was unable to locate every account that had been impacted. Where it knew for certain than an account had been affected, it had reset the privacy option to its original setting.
As a precaution, the company is urging anyone with an Android device that had set their account to private to review their settings to ensure their tweets are still protected.
The San Francisco, California-based company said it fixed the issue on January 14, and promised to provide updates if other important information becomes available.
Twitter’s revelation is a worrying one, especially as some of those who protect their accounts do so because their tweets feature personal content they’d rather not share beyond friends and family. Others set it to avoid harassment. But the bug would presumably have been brought to the attention of at least some of the affected users when they received responses to tweets from people who didn’t have permission to view their account. Such a scenario would likely have prompted them to dive back into their settings to hit the “protect my tweets” button (again).
Twitter offered an apology to its community: “We recognize and appreciate the trust you place in us, and are committed to earning that trust every day. We’re very sorry this happened and we’re conducting a full review to help prevent this from happening again.”
It added that anyone with questions or concerns should contact Twitter’s data protection officer Damien Kieran.
The company has had other similar troubles in this area. In 2018 it revealed that for more than a year a bug caused some direct messages to be sent to people beyond just the intended recipient.