The bug in the Android Twitter app affects the “Protect my Tweets” option in the account’s “Privacy and safety” settings, which restricts viewing of a user’s posts to approved followers.
People who used the
“We’ve become aware of an issue in Twitter for Android that disabled the ‘Protect your Tweets’ setting if certain account changes were made,” reads the security advisory published by the
“You may have been impacted by this issue if you had protected Tweets turned on in your settings, used Twitter for Android, and made certain changes to account settings such as changing the email address associated with your account between November 3, 2014, and January 14, 2019.”
The vulnerability was introduced on November 3, 2014, and was fixed on January 14, 2019. Users using the iOS app or the web version
Twitter has notified impacted users and has turned “Protect your Tweets” back on for them if it was disabled.
“We are providing this broader notice through the Twitter Help Center since we can’t confirm every account that may have been impacted. We encourage you to review your privacy settings to ensure that your ‘Protect your Tweets’ setting reflects your preferences,” continues the advisory.
In September 2018, the company announced that an issue in the Twitter Account Activity API had exposed some users’ direct messages (DMs) and protected tweets to the wrong developers.
Twitter is considered one of the most powerful social media platforms; it was used in multiple cases by nation-state actors as a vector for disinformation and propaganda.
In December, Twitter discovered a possible nation-state attack while it was investigating an information disclosure flaw affecting its platform.