Twitter recently fixed a problem that permitted accounts to remain logged-in on numerous devices even after a voluntarily changed password. The social network business addressed the password reset bug in a recent update. Twitter allowed users who changed their passwords proactively on one device to keep access open sessions on other displays.

This is crucial because users who willingly pick password resets may be doing so out of anxiety that their account has been compromised.

A threat actor gaining access to a user account would still be able to do so even after a reset.

Users may have been exposed for an arbitrary amount of time. But Twitter said the problem started after it changed the infrastructure that supports its password reset capability “last year.”

According to the company, they logged out the people we were able to identify who were affected by this. Twitter personally informed them, and asked them to log in again.”

Although some people might find this annoying, it was necessary to take this action to protect your account from unauthorized access.

It’s still unclear whether Twitter informed everyone who was impacted by Due to password reset bug. Users might want to reset their device passwords or proactively log out of their accounts.

The industry leader in social media urged all users to become familiar with the security safeguards present in their settings and to routinely check open sessions that are still active.

Mitigation

Additionally, it said, “You can study how to change a lost or forgotten password in our Help Center.”

This year, Twitter has made security headlines for all the wrong reasons.

A former CSO came up with allegations of a long list of security flaws and poor management at the company a few months after it agreed to pay a $150 million fine to settle a federal lawsuit over privacy data abuses.

Reference