Twitter has disclosed an “incident” affecting the accounts of an unspecified number of users who opted to reset their passwords. According to the company, a “bug” introduced sometime in the last year prevented Twitter users from being logged out of their accounts on all of their devices after initiating a password reset.
“if you proactively changed your password on one device, but still had an open session on another device, that session may not have been closed,” Twitter explains in a brief blog post. “Web sessions were not affected and were closed appropriately.”
Twitter says it is “proactively” logging some users out as a result of the bug. The company attributed the issue to “a change to the systems that power password resets” that occurred at some point in 2021. A Twitter spokesperson declined to elaborate on when this change was made or exactly how many users are affected. “I can share that for most people, this wouldn’t have led to any harm or account compromise,” the spokesperson said.
While Twitter states that “most people” wouldn’t have had their accounts compromised as a result, the news could be worrying for those who have used shared devices, or dealt with a lost or stolen device in the last year.
Notably, Twitter’s disclosure of the incident comes as the company is reeling from allegations from its former head of security who had filed a whistleblower complaint accusing the company of “grossly negligent” security practices. Twitter has so far declined to address the claims in detail, citing its ongoing litigation with Elon Musk. Musk is using the whistleblower allegations in his legal case to get out of his $44 billion deal to buy Twitter.
All products recommended by Engadget are selected by our editorial team, independent of our parent company. Some of our stories include affiliate links. If you buy something through one of these links, we may earn an affiliate commission. All prices are correct at the time of publishing.