twitterannounced an unfortunate “incident” affecting the accounts of the user who chose to reset their password. According to the company, some users may experience problems with their sessions due to a “bug” that surfaced sometime last year. twitter announced a problem that prevented its users from logging out of their accounts on all their devices after starting the password reset process.
“If you have proactively changed your password on one device but still have an open session on another device, that session may not be logged out,” Twitter explains in a short blog post. “Web sessions are not affected and are properly closed.”
Twitter has started logging out of these users!
Twitter says it has “proactively” logged some users out as a result of the bug. The company attributed the issue to “a change in systems enabling password reset” that occurred in 2021. A Twitter spokesperson declined to disclose when this change was made or exactly how many users were affected. Twitter also guarantees that “most people” accounts won’t be compromised as a result, but profiles that are still open on another device when the password is changed may actually be ambiguous.
Twitter’s disclosure of the incident followed allegations from a former head of security who accused the company of “largely negligent” security practices. Twitter declined to elaborate on the allegations, citing its ongoing lawsuit with Elon Musk. Musk is using whistleblower allegations in his legal suit to get out of the $44 billion Twitter buyout deal.