Normally, Tweets from protected accounts can't be seen by public user; One should get approval from the account holder to view the protected tweets.
This bug could allow anyone to view hidden tweets by getting SMS or push notification from the accounts.
The microblogging firm said a member of white hat security community helped them to discover and diagnose the bug. According to its blog post, the bug is there since November 2013.
"As part of the bug fix, we’ve removed all of these unapproved follows, and taken steps to protect against this kind of bug in the future."
The bug affects around 93,788 protected accounts. Twitter has sent mail to all affected users to inform about the bug and apologize.