Twitter accidentally revealed "protected" (or private) tweets from some users, the company disclosed this afternoon. The "Protect your tweets" setting usually allows users to use Twitter non-publicly. These users learn who can follow them and who can see their content. This may not have been the case for some Android users over a period of years: their tweets have actually been made public as a result of this bug.

The company said the problem had hit Twitter for Android users having made certain account changes while the "Protect your tweets" option was enabled.

For example, if the user had changed the e-mail address of their account, the "Protect your tweets" setting was disabled.

We discovered and fixed a problem where the "Protect your tweets" setting was disabled on Twitter for Android. The people concerned were alerted and we reactivated the settings for them. More here:

– Twitter Support (@TwitterSupport) January 17, 2019

Twitter tells TechCrunch that this is just one example of an account change that could have caused the problem. We asked for other examples, but the company refused to share details.

What is quite shocking is how long this question lasts.

Twitter indicates that the problem could affect users if they made these account changes between November 3, 2014 and January 14, 2019 – the day the bug was fixed.

The company has now informed those affected by the issue and has re-enabled the "Protect your tweets" setting if it had been disabled on these accounts. But Twitter declares to make a public announcement because "it can not confirm all the accounts likely to be affected" (!!!)

The company explains that it was unable to tell people where it could confirm that the account was affected, but it does not have a complete list of accounts involved. For this reason, it is impossible to give an estimate of the total number of Twitter users for Android.

This is a serious mistake on Twitter's part because it has essentially made available to the public content that users have explicitly stated they want to see privately. For the moment, it is unclear whether the problem will result in a violation of the RPGD and a fine accordingly.

The only good thing is that some of the affected users may have noticed that their account became public because they would have received alerts, such as notifications that people were following them without their direct consent. This could have prompted the user to reactivate the "protect tweets" setting himself. But they may have attributed the problem to a user error or a small problem, not realizing that it was a generalized bug.

"We recognize and appreciate the trust you place in us and we are committed to building that trust every day," Twitter said in a statement. "We are very sorry that this has happened and we are doing a thorough review to prevent this from happening again."

The company claims to believe that the problem is now totally solved.