Just earlier today, Twitter admitted to a bit of an accident. Since November 2014, if you had your account's tweets set as protected, and you used the first-party Twitter Android app, changing specific details like your associated email address may have inadvertently disabled the setting.

Some users that were affected by this problem have been notified, and the associated setting has been returned to its expected, disabled state. However, Twitter can't be sure that it has informed everyone who may have been affected, hence the broader announcement (and our coverage).

Anyone who believes they may have set their tweets as private/protected should take a glance at their privacy settings to double check. And iOS and web users were not affected, the issue was Android app-specific.

Source: Twitter