Twitter, Inc. (NYSE:TWTR) has admitted that a technical glitch accidentally exposed protected tweets of Android users since 2014. The bug affected users of the Twitter for Android app who changed their account settings, such as the email address linked to the account. Making such a change disabled the “Protect your Tweets” option between November 2014 and January 2019.
Android users affected
The company has since fixed the issue and indicated that web and iOS users were not affected. Twitter does not yet know the exact number of Android accounts affected. It has turned the setting back on for the affected Android accounts, but it still recommends that Twitter users review their accounts’ privacy settings to ensure they match their preferences.
In a statement, the company indicated that it appreciates and recognizes the trust users have placed in it and that it is committed to ensuring that their data is secure. It issued an apology and stated that it is carrying out a full review to ensure that breaches of this kind do not occur in the future. The company has so far notified all the affected users.
Twitter under investigation for data breach
Last year Twitter had a similar issue when they discovered a bug that stored passwords in plain text in their system. They had to ask their 336 million users to review their passwords. The Office of Data Protection Commissioner has been investigating Twitter over their refusal to provide Michael Veale with data under GDPR.
Equally, the company is under investigation in the EU for issues related to data collection under the new GDPR rules. They face a privacy investigation from the Irish Data Protection Commission following the recent security flaw that exposed protected tweets.
The company faces hefty fines from the EU if they fail to improve their privacy practices. Under the new GDPR, the privacy fine would be 4% of the company’s annual revenue. In 2018 there was a statutory inquiry into their obligations which required them to implement measures that can enhance security as well as protect personal data.