Twitter discloses it wasn’t logging users out of accounts after password resets • TechCrunch



Weeks after Twitter’s ex-security chief accused the company of cybersecurity mismanagement, Twitter has now informed its users of a bug that didn’t close all of a user’s active logged-in sessions on Android and iOS after an account’s password was reset. This issue could have implications for those who had reset their password because they believed their Twitter account could be at risk, for instance because of a lost or stolen device.

Assuming whoever had possession of the device could access its apps, they would have had full access to the impacted user’s Twitter account.

In a blog post, Twitter explains that it had learned of the bug that had allowed “some” accounts to stay logged in on multiple devices after a user reset their password voluntarily.

Typically, when a password reset occurs, the session token that keeps a user logged into the app is also revoked — but that didn’t take place on mobile devices, Twitter says. Web sessions, however, were not impacted and were closed appropriately, it noted.
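The behavior described above, modeled as an added example (not Twitter's code, and not a statement of the actual root cause, which the announcement does not detail). `SessionStore` and its method names are hypothetical; the web-only revocation path is an assumed way to reproduce the reported symptom, shown beside a reset that invalidates every session by bumping a per-user credential generation.

```python
import secrets
from dataclasses import dataclass, field

@dataclass
class SessionStore:
    """Toy in-memory session store; all names here are hypothetical."""
    sessions: dict = field(default_factory=dict)  # token -> (user, client, epoch)
    epoch: dict = field(default_factory=dict)     # user -> credential generation

    def login(self, user, client):
        token = secrets.token_urlsafe(16)
        self.sessions[token] = (user, client, self.epoch.setdefault(user, 0))
        return token

    def is_valid(self, token):
        entry = self.sessions.get(token)
        if entry is None:
            return False
        user, _client, epoch = entry
        # A session is only good for the credential generation it was issued under.
        return epoch == self.epoch[user]

    def reset_password_web_only(self, user):
        """Assumed failure mode: revocation scoped to one client type."""
        for token, (u, client, _e) in list(self.sessions.items()):
            if u == user and client == "web":
                del self.sessions[token]

    def reset_password(self, user):
        """Bump the generation: every older session fails, whatever the client."""
        self.epoch[user] = self.epoch.get(user, 0) + 1

    def active_clients(self, user):
        return sorted(c for t, (u, c, _e) in self.sessions.items()
                      if u == user and self.is_valid(t))

def surviving_after_reset(reset_name):
    """Return (alice's, bob's) still-valid clients after alice resets."""
    store = SessionStore()
    for client in ("web", "android", "ios"):  # constructed sample sessions
        store.login("alice", client)
    store.login("bob", "ios")                 # unrelated user must be untouched
    getattr(store, reset_name)("alice")
    return store.active_clients("alice"), store.active_clients("bob")

if __name__ == "__main__":
    print(surviving_after_reset("reset_password_web_only"))
    print(surviving_after_reset("reset_password"))
```

A regression test that logs in from every supported client type, resets the password, and asserts that no session survives would catch this class of bug before release.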


Twitter explains the bug came about after a change it made last year to the systems that powered its password resets, meaning the bug has existed for a number of months undetected. To address the issue, Twitter has now directly informed the affected users, proactively logged them out of their open sessions across devices, and has prompted them to log in again. The company didn’t detail how many people were impacted, however.

“We take our responsibility to protect your privacy very seriously and it is unfortunate this happened,” Twitter wrote in its announcement, where it also encouraged users to review their active open sessions regularly from the app’s settings.

The issue is the latest in a long line of security incidents at the company in recent years, though it is not as severe as some in the past — like the bug reported last month that had exposed at least 5.4 million Twitter accounts. In that case, a security vulnerability had allowed threat actors to compile information on Twitter users’ accounts, which were then listed for sale on a cybercrime forum.


This past May, Twitter was also forced to pay $150 million in a settlement with the Federal Trade Commission for using personal information provided by users to secure their accounts, like emails and phone numbers, for ad targeting purposes. And in 2019, Twitter disclosed a bug that had shared some users’ location data to partners and another which also led to user data being shared with partners. Plus, it faced an issue where a security researcher had used a flaw in the Android app to match 17 million phone numbers with Twitter user accounts.

While it’s helpful that Twitter is transparent about the bugs it finds and the fixes it makes, the company’s overall cybersecurity issues are now under increased scrutiny following the whistleblower complaint filed by its former head of security, Peiter “Mudge” Zatko in August.


Zatko alleged the company has been negligent in securing its platform, citing issues including a lack of employee device security, lack of protections around the Twitter source code, overbroad employee access to sensitive data and the Twitter service, a number of unpatched vulnerabilities, lack of data encryption for some stored data, an overly high number of security incidents, and more, as well as threats to national security.

In this context, even lesser bugs like the one disclosed this week may not be considered one-off missteps by a company, but rather yet another example of broader security issues at Twitter that deserve more attention.


