When the user is subscribed to something he's not allowed to view (like a Maniphest task), they receive notifications about it that are generally not visible in any way (no web or email notification) – except for being included in the count of unread notifications, near the "bell" icon. There's no way to discover what causes them, or to stop it happening (other than having someone look inside the database).
Note how on this screenshot, I have 54 unread notifications, yet I have no unread notifications.
{F659484}
The count should probably not include notifications that the user can't view. Or maybe such notifications should be immediately marked as read, or maybe never generated at all?
Downstream bug report: https://phabricator.wikimedia.org/T102653