Bug appeared after Twitter made a change to systems that power password resets last year
The micro-blogging giant Twitter has disclosed a bug that allowed accounts to stay logged in on multiple devices after a voluntary password reset, putting users’ data at potential risk of hacking. The bug was introduced after Twitter made a change to the systems that power password resets last year.
The company said that it has fixed the bug that didn’t close all active logged-in sessions on Android and iOS devices after an account’s password was reset.
“If you proactively changed your password on one device, but still had an open session on another device, that session may not have been closed. Web sessions were not affected and were closed appropriately,” the micro-blogging platform said in a statement late on Wednesday.
“To keep your account safe, we logged some of you out. You can log back in to keep using Twitter,” said the company. Twitter said it has directly informed the people who may have been affected by this bug, “proactively logged them out of open sessions across devices, and prompted them to log in again”.
The incident happened as Twitter is facing greater scrutiny from the government after its former head of security, Peiter ‘Mudge’ Zatko, claimed that the company hid negligent security practices, misled federal regulators about its safety, and failed to estimate the number of bots on its platform.
[With Inputs from IANS]