Twitter has revealed an issue affecting the accounts of an unspecified number of users who chose to reset their passwords. According to the company, a “bug” introduced sometime last year prevented Twitter users from logging out of their accounts on all of their devices after initiating a password reset.
“If you proactively changed your password on one device, but were still logged in on another device, that session may not have been logged out,” Twitter explains in a short blog post. “Web sessions were not affected and were closed properly.”
Twitter says it is “proactively” disconnecting some users as a result of the bug. The company attributed the issue to “a change in systems that trigger password resets” that occurred sometime in 2021. A Twitter spokesperson declined to elaborate on when this change was made or exactly how many users are affected. “I can share that for most people, this would not have caused any harm or account compromise,” the spokesperson said.
While Twitter claims that “most people” would not have seen their accounts compromised as a result, the news could be concerning for those who used shared devices or dealt with a lost or stolen device in the past year.
Notably, Twitter’s disclosure of the incident comes as the company is reeling from allegations by its former head of security, who filed a whistleblower complaint accusing the company of security practices. So far, Twitter has addressed the claims in detail, citing her relationship with Elon Musk. Musk accuses the whistleblower in the legal case of him to get out of his $44 billion deal to buy Twitter.