Twitter discloses bug that left users' account logged in after password reset


Sep 22: The company said that it has fixed the bug that didn't close all active logged in sessions on Android and iOS devices after an account's password was reset.

"If you proactively changed your password on one device, but still had an open session on another device, that session may not have been closed. Web sessions were not affected and were closed appropriately," the micro-blogging platform said in a statement late on Wednesday.

This bug was introduced after Twitter made a change to the systems that power password resets last year.

"To keep your account safe, we logged some of you out. You can log back in to keep using Twitter," said the company.

Twitter said it has directly informed the people who may have been affected by this bug, "proactively logged them out of open sessions across devices, and prompted them to log in again".

The incident happened as Twitter is facing larger scrutiny from the governments after its former head of security, Peiter 'Mudge' Zatko, claimed that the company hid negligent security practices, misled federal regulators about its safety, and failed to estimate the number of bots on its platform.

 

  

Top Stories


Leave a Comment

Title: Twitter discloses bug that left users' account logged in after password reset



You have 2000 characters left.

Disclaimer:

Please write your correct name and email address. Kindly do not post any personal, abusive, defamatory, infringing, obscene, indecent, discriminatory or unlawful or similar comments. Daijiworld.com will not be responsible for any defamatory message posted under this article.

Please note that sending false messages to insult, defame, intimidate, mislead or deceive people or to intentionally cause public disorder is punishable under law. It is obligatory on Daijiworld to provide the IP address and other details of senders of such comments, to the authority concerned upon request.

Hence, sending offensive comments using daijiworld will be purely at your own risk, and in no way will Daijiworld.com be held responsible.