A security vulnerability has been discovered in MediaWiki setups which use MobileFrontend.
Revisions who's visibility had been alerted were showing up in parts of the mobile UI.
All projects in the Wikimedia cluster have been since patched but if you use this extension please be sure to apply the fix.
Patch file and issue are documented on https://phabricator.wikimedia.org/T133700
Note there is some follow-up work to do which is tracked in: https://phabricator.wikimedia.org/T133722