
Twitter discloses password reset bug

Updated on 2022-09-25 Twitter discloses another security

Flip that “days since last security snafu” counter back to zero: Twitter’s back with another incident disclosure. The company said it wasn’t properly logging Android or iOS users out of their apps when they changed their passwords. Changing your password is meant to nuke all other active sessions so that every other device gets logged out. That’s the whole point of changing your password: to stop access that might be in progress. But Twitter wasn’t doing that, so it logged a bunch of folks out as a precaution. As @sarahintampa wrote this week, it’s the latest disclosure in a long string of security issues at Twitter, not least the most recent $150 million settlement with the FTC after it used phone numbers and email addresses, ostensibly collected for setting up two-factor authentication, for targeted advertising.

Probably enough to fill a loyalty rewards punch card at this point… If you needed an ELI5, @runasand has your back:

Read more: Twitter discloses it wasn’t logging users out of accounts after password resets

Overview

Twitter said on Wednesday that it fixed a bug where users weren’t logged out of all their devices when performing a voluntary password reset. To make sure the bug isn’t being abused, the company said, it logged all users it suspects might have been affected out of their active sessions. Read more: Twitter Privacy Center > An incident impacting password resets on Twitter
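The behaviour described above, as an added example that is not Twitter's code and not from the original post: a toy in-memory session store showing a password change that leaves other sessions alive next to one that revokes them. The class, method names, device labels and passwords are all hypothetical and constructed for illustration.

```python
import hashlib
import hmac
import secrets


class AccountStore:  # hypothetical toy store, not any real service's code
    def __init__(self):
        self.credentials = {}  # user -> (salt, password hash)
        self.sessions = {}     # session token -> (user, device label)

    @staticmethod
    def _hash(password, salt):
        return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

    def set_password(self, user, password):
        salt = secrets.token_bytes(16)
        self.credentials[user] = (salt, self._hash(password, salt))

    def login(self, user, password, device):
        salt, expected = self.credentials[user]
        if not hmac.compare_digest(self._hash(password, salt), expected):
            raise PermissionError("bad credentials")
        token = secrets.token_urlsafe(32)
        self.sessions[token] = (user, device)
        return token

    def change_password_buggy(self, token, new_password):
        # Failure mode: the credential changes, every existing session stays valid.
        user, _ = self.sessions[token]
        self.set_password(user, new_password)

    def change_password(self, token, new_password):
        # Expected behaviour: keep the requesting session, revoke all others.
        user, _ = self.sessions[token]
        self.set_password(user, new_password)
        stale = [t for t, (u, _) in self.sessions.items() if u == user and t != token]
        for t in stale:
            del self.sessions[t]
        return len(stale)


def demo(change):
    # Return the constructed device labels that still hold a session afterwards.
    store = AccountStore()
    store.set_password("alice", "old-password")
    tokens = {d: store.login("alice", "old-password", d) for d in ("web", "android", "ios")}
    getattr(store, change)(tokens["web"], "new-password")
    return sorted(device for _, device in store.sessions.values())
```

Calling demo("change_password_buggy") leaves the android and ios sessions alive alongside web, while demo("change_password") leaves only the session that requested the change.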
