Twitter announced this week that it recently fixed a bug that kept users logged in to their accounts on multiple devices after they performed a voluntary password reset. The microblogging website also said that it logged out those who might have been affected due to the bug. The company also advised users to review the controls available in the settings menu and to monitor active open sessions regularly. The company’s disclosure of the bug comes weeks after it was accused by former security chief Peiter Zatko of poor security practices, failing to tackle fake accounts, and allowing foreign governments to place agents on the company’s payroll.
In a blog post, Twitter announced that the bug was introduced after it made a change last year to the systems that power password resets. The company said that the bug allowed Twitter accounts to stay logged in from multiple devices after a voluntary password reset. “That means that if you proactively changed your password on one device, but still had an open session on another device, that session may not have been closed,” Twitter said.
It added that it “proactively logged people who may have been affected out of active sessions.” The company has also notified users who may have been impacted by the bug. A member of the Gadgets 360 team also received a communication from the microblogging service informing them that they might have been affected by the issue and that they can now log in again on their devices. “We take our responsibility to protect your privacy very seriously and it is unfortunate this happened,” Twitter said.
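The failure mode Twitter describes is a password change that updates the credential but leaves sessions issued under the old password valid on other devices. The following is an added illustration, not Twitter's code, of a session-store pattern that prevents this: each session records the password version it was issued under, a password change bumps the version and re-issues only the session that made the change, and a separate revocation call covers the clean-up Twitter performed (logging affected users out everywhere). The user names, passwords and device labels are constructed sample data.

```python
"""Session invalidation on password change: buggy and fixed variants side by side.
Constructed example (not Twitter's code); all users, passwords and devices are made up.
"""
import hashlib
import hmac
import os
import secrets
from dataclasses import dataclass


def _hash_password(password: str, salt: bytes) -> bytes:
    # PBKDF2-HMAC-SHA256; a low iteration count keeps the example fast, not a production setting.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 10_000)


@dataclass
class User:
    salt: bytes
    password_hash: bytes
    password_version: int = 0  # incremented on every password change or revocation


@dataclass
class Session:
    user_id: str
    device: str
    password_version: int  # version of the password this session was issued under


class SessionStore:
    def __init__(self) -> None:
        self.users: dict[str, User] = {}
        self.sessions: dict[str, Session] = {}  # session token -> Session

    def register(self, user_id: str, password: str) -> None:
        salt = os.urandom(16)
        self.users[user_id] = User(salt, _hash_password(password, salt))

    def _check_password(self, user_id: str, password: str) -> bool:
        user = self.users[user_id]
        return hmac.compare_digest(user.password_hash, _hash_password(password, user.salt))

    def login(self, user_id: str, password: str, device: str) -> str:
        if not self._check_password(user_id, password):
            raise PermissionError("bad credentials")
        token = secrets.token_urlsafe(32)
        self.sessions[token] = Session(user_id, device, self.users[user_id].password_version)
        return token

    def is_active(self, token: str) -> bool:
        # A session is live only if it was issued under the user's *current* password version.
        session = self.sessions.get(token)
        if session is None:
            return False
        return session.password_version == self.users[session.user_id].password_version

    def active_devices(self, user_id: str) -> list[str]:
        return sorted(s.device for t, s in self.sessions.items()
                      if s.user_id == user_id and self.is_active(t))

    def _set_password(self, user_id: str, old: str, new: str) -> User:
        if not self._check_password(user_id, old):
            raise PermissionError("bad credentials")
        user = self.users[user_id]
        user.salt = os.urandom(16)
        user.password_hash = _hash_password(new, user.salt)
        return user

    def change_password_buggy(self, token: str, old: str, new: str) -> None:
        # Only the credential changes; every session on every device stays valid.
        self._set_password(self.sessions[token].user_id, old, new)

    def change_password(self, token: str, old: str, new: str) -> None:
        # Fixed: bump the version, then re-issue only the session that made the change.
        user = self._set_password(self.sessions[token].user_id, old, new)
        user.password_version += 1
        self.sessions[token].password_version = user.password_version

    def revoke_all_sessions(self, user_id: str) -> None:
        # Clean-up path: invalidate every session, including the one on the current device.
        self.users[user_id].password_version += 1


def demo() -> dict[str, list[str]]:
    """Walk one user through the buggy change, the fixed change and a full revocation."""
    store = SessionStore()
    store.register("alice", "hunter2")
    phone = store.login("alice", "hunter2", "phone")
    store.login("alice", "hunter2", "laptop")
    store.change_password_buggy(phone, "hunter2", "correct-horse")
    after_buggy = store.active_devices("alice")      # laptop session survives the reset
    store.change_password(phone, "correct-horse", "battery-staple")
    after_fixed = store.active_devices("alice")      # only the device that changed it remains
    store.revoke_all_sessions("alice")
    after_revoke = store.active_devices("alice")     # everyone is logged out
    return {"after_buggy": after_buggy, "after_fixed": after_fixed, "after_revoke": after_revoke}


if __name__ == "__main__":
    print(demo())
```

The version check in `is_active` is what makes the fix cheap: nothing has to enumerate and delete a user's sessions at reset time, and a session whose version lags the user's current version is refused on its next request regardless of which device holds it.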
Twitter’s claims of ensuring the safety and security of everyone come weeks after the company was hit by allegations in a whistleblower complaint. The company’s former security chief Peiter Zatko has alleged that the microblogging platform allowed India to add agents to the company’s roster and potentially provided the country with access to sensitive data about users on the platform. He also claimed that “at least one agent” from China’s intelligence service was employed by the company.
Zatko also claimed that weak cyber defences made the social platform vulnerable to exploitation by “teenagers, thieves and spies”, risking users’ privacy. Zatko told the Senate Judiciary Committee that the company ignored its engineers because their “executive incentives led them to prioritise profit over security.” Tesla CEO Elon Musk has been permitted to use the whistleblower’s allegations in Twitter’s upcoming trial to enforce the takeover deal, which is set to begin in October.