Twitter fixes bug that left devices logged in after password reset

Twitter says it has fixed a bug that meant users weren’t logged out of active sessions on all devices after manually resetting their passwords. 

Writing on its blog, Twitter said:

“We want to let you know that we recently fixed a bug that allowed Twitter accounts to stay logged in from multiple devices after a voluntary password reset. In order to help ensure the safety and security of everyone that may have been affected, we’ve proactively logged people who may have been affected out of active sessions.”

Staying logged in on multiple devices after explicitly changing an account password is a huge security risk. If someone has already breached an account, a password reset that doesn't end existing sessions leaves them logged in and able to impersonate the user, rummage through DMs, change the password again, and more.

Twitter says it has logged out all affected users, everywhere.

Twitter says it has reached out to users who might have been affected by the bug. For everyone else, it’s business as usual.
