Twitter said a change to its systems introduced the bug that caused accounts to stay logged in after a password reset.
Twitter made a change to its systems for resetting passwords last year
Photo Credit: Reuters
Twitter announced this week that it recently fixed a bug that kept users logged in to their accounts on multiple devices after they performed a voluntary password reset. The microblogging website also said that it logged out those who might have been affected due to the bug. The company also advised users to review the controls available in the settings menu and to monitor active open sessions regularly. The company's disclosure of the bug comes weeks after it was accused by former security chief Peiter Zatko of poor security practices, failing to tackle fake accounts, and allowing foreign governments to place agents on the company's payroll.
In a blog post, Twitter announced that a bug was introduced after it made a change to its systems that power password resets last year. The company said that the bug allowed Twitter accounts to stay logged in from multiple devices after a voluntarily password reset. “That means that if you proactively changed your password on one device, but still had an open session on another device, that session may not have been closed,” Twitter said.
It added that it “proactively logged people who may have been affected out of active sessions.” The company has also notified users who may have been impacted by the bug. A member of the Gadgets 360 team also received a communication from the microblogging service informing them that they might have been affected by the issue and they can now login again on their devices. “We take our responsibility to protect your privacy very seriously and it is unfortunate this happened,” Twitter said.
Twitter's claims of ensuring the safety and security of everyone comes weeks after the company was hit by allegations in a whistleblower complaint. The company's former security chief Peiter Zatko has alleged that the microblogging platform allowed India to add agents to the company's roster and potentially provided the country with access to sensitive data about users on the platform. He also claimed that “at least one agent” from China's intelligence service was employed by the company.
Zatko also claimed that weak cyber defences made the social platform vulnerable to exploitation by “teenagers, thieves and spies”, risking users' privacy. Zatko told a Senate Judiciary Committee that the company ignored its engineers because their “executive incentives led them to prioritise profit over security.” Tesla CEO Elon Musk has been permitted to use the whistleblowers allegations in Twitter's upcoming trial to enforce the takeover deal that is set to begin in October.
Get your daily dose of tech news, reviews, and insights, in under 80 characters on Gadgets 360 Turbo. Connect with fellow tech lovers on our Forum. Follow us on X, Facebook, WhatsApp, Threads and Google News for instant updates. Catch all the action on our YouTube channel.