On January 17th, Twitter released a statement acknowledging a security flaw impacting Android users. Users who updated the email address associated with their account from November 14, 2018 to January 2019 may have had their private messages exposed.
The “Protect Your Tweets” setting, which keeps private tweets confidential, was found to deactivate after email address updates for Android users. Apple and web users were not found to have been impacted by the bug.
Twitter has resolved the issue as of January 14th, and will be reaching out to those impacted by the vulnerability. Twitter has stated that they have turned on protections for those who have had them switched off by the bug.
Thus far, there is no exact number of accounts affected. Twitter says it will be issuing a public notice about the error in coming days.
We recommend reviewing your privacy and account settings in Twitter if you use an Android device.