Twitter has had a relatively clear record for protecting its users’ personal data for some time, but as some users recently reported their email addresses were stolen, it seems cyber-criminals may have found a way to bypass the company’s security, security intelligence analysts told SC Magazine.

One user, Accel data scientist Hilary Mason, claims to have received spam messages at an email address she registered exclusively to open her Twitter account and hasn’t used for anything else before or since. The account, @RobotzRule was a bot she used for work.

Speaking to SC, she said that her experience in working with similar systems to Twitter’s technical architecture, leads her to believe the leak happened through a bug in the “find your contacts” feature.

A spokesperson for the microblogging website addressed the claim by saying spammers have been known to simply guess user emails before. However, he also assured the public that Twitter will be looking into the issue.

Admitting that it is too soon to pin down Twitter for the leak of her email to spammers, Mason said that another service might be to blame. She speculated that her Gmail account was hacked, or that she accidentally included some of the bot’s code to github, along with its email details.

However, SC says the fault could lie with Twitter’s promoted messages service, which the bot probably used. Another user of the social website had recently claimed that their email was accidentally made visible to the public by just that service.