Twitter revealed an incident affecting the accounts of an unspecified number of users who chose to reset their passwords. According to the company, a “bug” introduced sometime in the last year prevented Twitter users from signing out of their accounts on all their devices after initiating a password reset.
“If you proactively changed your password on one device but still had an open session on another device, that session may not have been closed,” Twitter explained in a short blog post. “Web sessions were not affected and were closed appropriately.”
Twitter says it is “proactively” banning some users as a result of the bug. The company attributed the problem to “a change to the systems that power password resets” that occurred at some point in 2021. A Twitter spokesperson declined to specify when that change was made or exactly how many users were affected. “I can say that for most people this would not cause any harm or account compromise,” the spokesperson said.
While Twitter says “most people’s” accounts would not be compromised as a result, the news may be worrying for those who have used shared devices or had a device lost or stolen in the past year.
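The property the bug broke is simple to state and simple to test: a password reset must end every active session on every client, not just web sessions. The following is an added example (my code, not Twitter's or Engadget's) that models a session store with a reset that only closes web sessions, mirroring the described symptom, beside a reset that revokes all sessions and binds each session to a credential generation; the `Account` and `Session` types and the client labels are constructed for the illustration.

```python
# Constructed model (not Twitter's code): a session store showing the
# failure described above beside a fix that revokes every session on reset.
import secrets
from dataclasses import dataclass, field

@dataclass
class Session:
    token: str
    client: str           # constructed labels: "web", "ios", "android"
    cred_generation: int  # account's password generation when issued

@dataclass
class Account:
    password_hash: str
    cred_generation: int = 0
    sessions: dict = field(default_factory=dict)  # token -> Session

def login(acct: Account, client: str) -> str:
    """Issue a session token bound to the current credential generation."""
    token = secrets.token_urlsafe(16)
    acct.sessions[token] = Session(token, client, acct.cred_generation)
    return token

def reset_password_buggy(acct: Account, new_hash: str) -> None:
    """Reproduces the symptom: only web sessions are closed on reset."""
    acct.password_hash = new_hash
    for tok, s in list(acct.sessions.items()):
        if s.client == "web":
            del acct.sessions[tok]

def reset_password_fixed(acct: Account, new_hash: str) -> None:
    """Revoke every session and bump the generation, so a token a client
    still holds is rejected even if a stale copy survives the revoke."""
    acct.password_hash = new_hash
    acct.cred_generation += 1
    acct.sessions.clear()

def is_valid(acct: Account, token: str) -> bool:
    """Validate against both the session table and the credential generation."""
    s = acct.sessions.get(token)
    return s is not None and s.cred_generation == acct.cred_generation

def surviving_clients(acct: Account) -> list:
    """Clients that still hold a usable session; the check a test should run."""
    return sorted(s.client for s in acct.sessions.values()
                  if is_valid(acct, s.token))
```

A regression test for the reset flow should assert that `surviving_clients` is empty after a reset for every client type, which is exactly the case the buggy variant fails.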
Notably, Twitter’s disclosure of the incident comes at a time when the company is reeling from allegations by its former security chief, who filed a whistleblower complaint accusing the company of security practices. Twitter has yet to respond in detail to the claims, citing its ongoing work with Elon Musk. Musk blames whistleblowers in his lawsuit to back out of his $44 billion deal to buy Twitter.
https://www.engadget.com/twitter-discloses-incident-affecting-users-who-reset-passwords-202002288.html?src=rss