Twitter accidentally revealed some Android users’ protected tweets to the public for more than 4 years. The social network accidentally disabled the “Protect your Tweets” setting for Android users without their knowledge. Twitter did not specify exactly how many Android users were affected by this issue. The bug only got triggered for those Android users who made changes to their account settings, such as changing their email address or phone number associated with their account, using the Android app between November 3, 2014, and January 14, 2019.
Source: https://thehackernews.com/2019/01/twitter-privacy-settings.html