A five-year-old Twitter bug left some Android users’ protected tweets exposed

Twitter admits that the bug (now fixed) disabled the “Protect your Tweets” setting of some Android users for over five years when they made changes some their settings, including changing the email address linked to their accounts. Twitter revealed that the bug is thought to date back to November 3, 2014, and has now been fixed.

Protect your Tweets’ feature is designed to hide tweets from public view. Some Android users may have had the ‘Protect your Tweets’ feature switched on, but the bug exposed their tweets that were supposed to be private. Twitter doesn’t have a correct figure of how many Android accounts were affected by the glitch. However, iOS or web users were not affected by this issue.

The bug was active for a period for nearly 5 years between November 3rd, 2014 and January 14th, 2019. Twitter has now addressed the issue and is reaching out to affected users to inform them and also turn the setting back on for them.

The social networking platform says in a blog post, “We’ve become aware of an issue in Twitter for Android that disabled the “Protect your Tweets” setting if certain account changes were made. You may have been impacted by this issue if you had protected Tweets turned on in your settings, used Twitter for Android, and made certain changes to account settings such as changing the email address associated with your account between November 3, 2014, and January 14, 2019. People on iOS or the web were not impacted. We fixed the issue on January 14, and we’ll provide updates if other important information becomes available”

Nevertheless, with such a wide gap it is recommended that all Android users review their privacy settings regularly to ensure all is in order.

This has happened at a time when Twitter is already under EU investigation regarding the information that collected via the platform’s link shortening service. And now a new privacy investigation by the Irish Data Protection Commission (DPC) for the security flaw caused by the ‘protected tweets’ bug is going to add more worries to the think tank. Under the current GDPR rules, in case Twitter fails to improve its privacy practices, it might cost the social networking service a heavy EU privacy fine up to about 4% of its annual revenue.