Twitter shared some unsettling news for Android users today.
For more than four years, a bug affecting Twitter’s Android app made some users’ private tweets public. Twitter says the bug was triggered when users turned on the “Protect your Tweets” setting and made seemingly unrelated changes to their accounts, such as updating their email addresses.
The “Protect your Tweets” setting makes your account private, blocking anyone who does not follow you from seeing your tweets and requiring any new followers to receive your explicit approval.
Twitter didn’t provide any additional examples of account changes that could have inadvertently disabled the privacy feature. The company says it fixed the bug days ago, on January 14, but that it has affected users since 3 November 2014.
In a blog post on the news, Twitter explained that it had already reached out to users who were affected by the bug, but it warned that it “can’t confirm every account that may have been impacted”. Twitter says it has turned the privacy setting back on for users who had the feature disabled.
Reached by Gizmodo, a Twitter spokesperson reiterated that it does “not have a complete list of impacted accounts”, and said that it “provided a broad notice so that anyone potentially affected by this can ensure their privacy settings reflect their preferences”.
“We recognise and appreciate the trust you place in us, and are committed to earning that trust every day,” Twitter said in its post. “We’re very sorry this happened and we’re conducting a full review to help prevent this from happening again.”