Twitter has revealed that it has fixed a bug that kept users logged in to their accounts on multiple mobile devices even after a password reset. In other words, users who changed their passwords could still have an open session on another mobile device where they had signed in earlier.
The bug was introduced after Twitter updated the system behind password resets last year, it said in a blog post. Users potentially impacted by the issue were informed directly and were “proactively” logged out of their accounts and urged to log in again, it added.
Twitter has asked its users to review the controls available in the settings menu.
The bug stemmed from changes Twitter made last year to the systems that power password resets.
This issue and the subsequent fix come at a time when Twitter is under scrutiny after the company’s former head of security, Peiter Zatko, disclosed data and security failings at Twitter.
This is not the first time Twitter has reported a critical privacy and security breach.
Earlier, in January 2022, Twitter acknowledged a bug in its systems that would disclose which Twitter account a given email address or phone number was associated with. At the time, it said it had no evidence that the bug had been exploited by anyone. Later, in July, it came to light that someone had leveraged this issue and was apparently selling the leaked information, contrary to Twitter’s initial findings.