Twitter said that a “bug” sent user’s private direct messages to third-party developers “who were not authorized to receive them.”

The social media giant began warning users Friday of the possible exposure with a message in the app.

“The issue has persisted since May 2017, but we resolved it immediately upon discovering it,” the message said, which was posted on Twitter by a Mashable reporter. “Our investigation into this issue is ongoing, but presently we have no reason to believe that any data sent to unauthorized developers was misused.”

A spokesperson told TechCrunch that it’s “highly unlikely” that any communication was sent to the incorrect developers at all, but informed users out of an abundance of caution.