Twitter fixes bug that left devices logged in after password reset

Twitter says it has fixed a bug that meant users weren’t logged out of active sessions on all devices after manually resetting their passwords.

Writing on its blog, Twitter said:

Staying logged in on multiple devices after explicitly changing an account password is a huge security risk. If someone has breached an account already, that would leave them logged in and able to impersonate the user, rummage through DMs, change the password again, and more.

Twitter says it has logged out all affected users, everywhere.

We fixed a bug that didn't close all active logged in sessions on Android and iOS after an account's password was reset. To keep your account safe, we logged some of you out. You can log back in to keep using Twitter.

For more details on what happened: https://t.co/OmjLKOe5bs
— Support (@Support) September 21, 2022

Twitter says it has reached out to users who might have been affected by the bug. For everyone else, it’s business as usual.

RELATED ARTICLES

TikTok comes one step closer to a US ban

“Substantial proportion” of Americans may have had health and personal data stolen in Change Healthcare breach

Picking fights and gaining rights, with Justin Brookman: Lock and Code S05E09

Billions of scraped Discord messages up for sale

A week in security (April 15 – April 21)