An “incident” impacting accounts of an unknown number of users who chose to reset their passwords has been reported by Twitter. The business claims that after starting a password reset, Twitter users were not locked out of their accounts on all of their devices as a result of a “bug” that was introduced some time in the previous year.
Twitter explains in a brief blog post that if you changed your password on one device while you had an open session on another, that other session might not have been ended. Web sessions were properly ended and were not impacted.
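The failure mode described above is a session store that, on password reset, ends only the session that performed the reset and leaves sessions on other devices alive. The following added example (not Twitter's code, and not taken from the blog post) contrasts that behaviour with the expected one: revoking every session for the user and recording a "credential changed at" marker so that any session issued before the change is rejected even if its row was not deleted. The in-memory store, the user name `alice` and the device names are constructed for the example.

```python
import secrets
from dataclasses import dataclass


@dataclass
class Session:
    token: str
    user_id: str
    device: str
    issued_at: int  # logical clock tick rather than wall time, so the example is deterministic


class SessionStore:
    """In-memory stand-in for a server-side session table (constructed for this example)."""

    def __init__(self) -> None:
        self._clock = 0
        self._sessions: dict[str, Session] = {}
        # user_id -> clock tick of the most recent credential change
        self._credential_changed_at: dict[str, int] = {}

    def _tick(self) -> int:
        self._clock += 1
        return self._clock

    def login(self, user_id: str, device: str) -> str:
        token = secrets.token_urlsafe(32)
        self._sessions[token] = Session(token, user_id, device, self._tick())
        return token

    def is_valid(self, token: str) -> bool:
        s = self._sessions.get(token)
        if s is None:
            return False
        # Defence in depth: a session issued before the user's last credential
        # change is rejected even if the deletion of its row was missed.
        return s.issued_at > self._credential_changed_at.get(s.user_id, 0)

    def active_devices(self, user_id: str) -> list[str]:
        return sorted(s.device for t, s in self._sessions.items()
                      if s.user_id == user_id and self.is_valid(t))

    def reset_password_buggy(self, user_id: str, current_token: str) -> None:
        """The failure mode: only the session performing the reset is ended."""
        self._sessions.pop(current_token, None)

    def reset_password(self, user_id: str, device: str) -> tuple[str, int]:
        """Expected behaviour: mark the change, drop every session for the user,
        then issue one fresh session to the device that performed the reset.
        Returns (new_token, number_of_sessions_revoked)."""
        self._credential_changed_at[user_id] = self._tick()
        doomed = [t for t, s in self._sessions.items() if s.user_id == user_id]
        for t in doomed:
            del self._sessions[t]
        return self.login(user_id, device), len(doomed)


def demo() -> dict[str, list[str]]:
    """Run the same scenario through both reset paths and report which devices stay logged in."""
    results: dict[str, list[str]] = {}
    for path in ("buggy", "hardened"):
        store = SessionStore()
        phone = store.login("alice", "phone")
        laptop = store.login("alice", "laptop")
        if path == "buggy":
            store.reset_password_buggy("alice", phone)   # laptop session survives
        else:
            store.reset_password("alice", "phone")       # only the new phone session survives
            assert not store.is_valid(laptop)
        results[path] = store.active_devices("alice")
    return results


if __name__ == "__main__":
    print(demo())  # {'buggy': ['laptop'], 'hardened': ['phone']}
```

The "credential changed at" check in `is_valid` is the part that would have masked this class of bug: even if the reset path forgot to delete a row, a session older than the password change would no longer be honoured.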
As a result of the flaw, Twitter claims to be “proactively” logging out some users. The problem, according to the business, was caused by “a modification to the mechanisms that power password resets” that took place sometime in 2021. A representative for Twitter declined to go into any detail regarding when this change was implemented or precisely how many users are impacted. The representative stated, “I can disclose that for the majority of users, this wouldn’t have led to any harm or account compromise.”
Twitter claims that “most individuals” wouldn’t have had their accounts compromised as a result, but the information may be unsettling for anyone who has used shared devices or dealt with a lost or stolen device in the previous year.
It is noteworthy that Twitter made the announcement about the incident at a time when the business is dealing with accusations made by its former head of security, who filed a whistleblower complaint accusing the business of utilising “grossly inadequate” security procedures. Due to its ongoing legal dispute with Elon Musk, Twitter has so far refrained from responding in-depth to the charges. Musk is attempting to back out of his $44 billion agreement to acquire Twitter by citing whistleblower charges in his court lawsuit.