In an alert on Twitter, the social network is alerting users that for over a year, their direct messages and private tweets may have been sent to Twitter developers by mistake.
This popup is titled "A bug affecting one of our APIs" and states that from May 2017 to September 10th 2018, a a bug in their API may have caused your private direct messages or protected tweets to be sent to Twitter developers who were not authorized to view them. They further state that when the bug was detected on September 10th, it was immediately fixed.
While Twitter states that they have no reason to believe the private information was misused, they are investigating the matter further. The full text of the bug is displayed below:
BleepingComputer has contacted Twitter for more information regarding this bug and how many users may have been affected, but had not heard back at the time of this publication.