A bug in Twitter exposed private tweets of some Android users for over five years when they made changes in their settings, like changing the email address linked to their accounts.
According to the micro-blogging platform, the bug (now fixed) disabled the “Protect your Tweets” setting if certain account changes were made on Android devices.
The bug didn’t affect people using Twitter on iOS or desktop, Twitter said on Thursday.
“You may have been impacted by this issue if you had protected Tweets turned on in your settings, used Twitter for Android, and made certain changes to account settings such as changing the email address associated with your account between November 3, 2014, and January 14, 2019.
“People on iOS or the web were not impacted. We fixed the issue on January 14, and we’ll provide updates if other important information becomes available,” Twitter said on its Help page.
The company said it has informed those who were affected by the bug and has turned “Protect your Tweets” back on for them if it was disabled.
“We encourage you to review your privacy settings to ensure that your aProtect your Tweets’ setting reflects your preferences,” said Twitter, adding it is sorry that this happened.
In May last year, Twitter asked its 336 million users to change their passwords after it discovered a bug that stored passwords in plain text in an internal system.
Twitter said it found no sign that hackers accessed the exposed data but advised users that they should enter a new password on all services where their current password has been used.
Another bug in Twitter’s platform for third-party app developers exposed some Direct Messages (DMs) from nearly 3 million users to outsiders, the micro-blogging platform admitted in September.
The bug ran from May 2017 and after discovering it, Twitter said it fixed the bug to prevent data from being unintentionally sent to the incorrect developer.
Twitter is also facing an investigation by privacy regulators in Ireland over data collection in its link-shortening system.