Twitter admits Android users’ ‘protected’ tweets were left exposed for 4 years

18 Jan, 2019 17:20 / Updated 6 years ago

Android users who thought their private tweets were, well, private have been proved sorely mistaken thanks to the latest privacy breach admission by the social networking site.

Twitter copped to the blunder on Thursday, saying they had “become aware of and fixed an issue where the ‘Protect your Tweets’ setting was disabled on Twitter for Android.” Desktop and iOS users were not affected by the bug.

However, unless curious users clicked the link to read the company’s full statement, they wouldn’t know one small added detail – that this particular feature has been switched off since November 3, 2014.

READ MORE: Alexa, what’s my neighbor doing? ‘Human error’ allows user to eavesdrop on stranger’s life

The statement goes on to say that the bug was only rectified on January 14, when the team decided to turn the ‘Protect your Tweets’ feature back on. However, Twitter’s comment leaves out exactly how many of its users were made vulnerable by the bug, only saying that they “can’t confirm every account that may have been affected.”

“We recognize and appreciate the trust you place in us, and are committed to earning that trust every day. We’re very sorry this happened and we’re conducting a full review to help prevent this from happening again.”

The bug affected Android users who made changes to their account over the last four years, such as their linked email or phone number. The company says it has informed “people we know were affected by this issue and have turned ‘Protect your Tweets’ back on for them if it was disabled.”

Also on rt.com Google accused of breaching EU laws by tricking users into consenting to be tracked

The ‘Protect your Tweets’ feature is an opt-in system for users who only want their approved followers to be able to read their tweets. It’s not yet known what impact this security flaw will have regarding the European Union’s recently introduced GDPR rules.

Twitter is already under investigation by the Irish Data Protection Commission (DPC) for turning down a researcher’s request for data about how he is tracked when he clicks on short links in tweets. A spokesman for the DPC told Bloomberg the commission is already looking into this latest breach.

Like this story? Share it with a friend!