Twitter has disclosed a bug that affected an undisclosed number of users who changed their passwords. According to the company, a flaw introduced sometime last year prevented users from being logged out of their accounts on all of their devices after they started a password reset.
“If you proactively changed your password on one device, but still had an open session on another device, that session may not have been closed,” Twitter explains in a brief blog post. “Web sessions were not affected and were closed appropriately.”
As a result of the flaw, Twitter says it is proactively logging out certain users. The company blamed the problem on a change made in 2021 to the systems that power password resets. A Twitter spokeswoman declined to comment on when the update was implemented or how many people are affected. “I can share that for most people, this wouldn't have led to any harm or account compromise,” the spokesperson said.
While Twitter claims that most people's accounts would not have been compromised as a result, the disclosure may be concerning for anyone who has used shared devices or dealt with a lost or stolen device in the past year.
Notably, Twitter's admission comes as the company is reeling from allegations made by its former head of security, who filed a whistleblower complaint accusing the firm of highly irresponsible security practices. Twitter has so far declined to respond in depth to the allegations, citing its ongoing legal battle with Elon Musk. Musk is attempting to use the whistleblower's allegations in his lawsuit to back out of his $44 billion bid to acquire Twitter.