We were alerted to and fixed a bug in our system that, for 94,287 protected accounts under rare circumstances, allowed non-approved followers to receive protected tweets via SMS or push notifications since November 2013. As part of the bug fix, we’ve removed all of these unapproved follows, and taken steps to protect against this kind of bug in the future.
Today’s Twitter for iOS and Android updates let you enroll in login verification and approve login requests directly from your mobile app. Now, in addition to the SMS-based login verification that we released in May, you can use login verification without relying on text messages.
Every day, a growing number of people log in to Twitter. Usually these login attempts come from the genuine account owners, but we occasionally hear from people whose accounts have been compromised by email phishing schemes or a breach of password data elsewhere on the web.