Twitter users with Androids were in for an unpleasant surprise when the platform notified them that a bug in its system made their “protected tweets” accessible for years.

On January 17, Twitter said in a blog post that Android users’ tweets were exposed if “certain account changes were made.”

The company said that Android users who changed their email address associated with their accounts between November 3, 2014, and January 14, 2019 were vulnerable to the bug.

Web users and iOS users were not impacted by the bug.

Twitter apologized in the blog post and encouraged users to review their privacy settings to ensure the settings reflect their preferences. Twitter did not say how many users had been affected.

“We are providing this broader notice through the Twitter Help Center since we can’t confirm every account that may have been impacted,” the company said.

This is the latest bug in a string of social media platform mishaps and now the Irish Data Protection Commission is investigating the matter. The company is also under investigation by the General Data Protection Regulation (GDPR) for data-collection issues.

Twitter’s privacy mishaps are part of a bigger trend in the tech industry over the past several months.

In December, a bug on Facebook gave third-party apps too much access to users’ photos and may have impacted up to 6.8 million users in total. Earlier this month, a TechCrunch report revealed that hackers hijacked dormant Twitter accounts in an attempt to spread Islamic State propaganda.