In brief: One of the biggest problems with Twitter has long been the prevalence of trolls on the platform. Users can protect themselves from unwanted followers and comments by making their accounts protected, but a bug that was affecting people for over four years meant some private tweets were made public.

The issue had been around since November 3, 2014, but it only affected Android device users, not those on iOS or who only used the web version. Twitter says that these mobile users who made account changes, such as altering their email address, had the “Protect your Tweets” setting disabled without them knowing.

It’s likely that those affected would have realized their accounts were public when Twitter users were able to follow them without requiring permission. Non-followers would have been able to see and comment on their posts, too. But that’s no excuse for the problem to have gone on for so long. Twitter said it only fixed the bug on January 14, 2019.

Twitter added that it has contacted those affected and turned the Protected setting back on for them. It also said that it’s made a public statement because it “can’t confirm every account that may have been impacted.” The company didn’t reveal how many Android users were confirmed to have been affected.

“We recognize and appreciate the trust you place in us, and are committed to earning that trust every day,” wrote the microblogging site. “We’re very sorry this happened and we’re conducting a full review to help prevent this from happening again.”