On its official page, Twitter reported that it had found an error in the application: some users remained logged in on various mobile devices after a voluntary password reset. The service had to forcibly disconnect all active sessions from those whose accounts might be affected in order to protect the data.
We are talking about a situation where a user changes the password on one device, but their logged in session with the old password on another device is still active.
That is, anyone who has access to the gadget can use the account, take notes, view data and feeds, as long as the account owner is sure that it is protected by a new password.
Having discovered the bug, Twitter engineers immediately disabled all active sessions and issued an official statement, apologizing for the inconvenience this measure might cause (users had to log in again everywhere).
But the problem is that Twitter itself explains that the bug arose after changes made last year to systems that provided password resets.
And this already means that the bug could exist for several months. And exist unnoticed.
This is especially sad as it comes just a week after former Twitter security chief Pater Zatko appeared in court with Elon Musk.
After all, Zatko accused the company of insufficient efforts in the field of cybersecurity.
Considering the entire chain of security incidents on Twitter (this includes the leak of personal data from 5.4 million accounts, and the disclosure of user contacts to advertisers, and a loophole that allows comparing phones with scientific records on the social network ), even this trifle causes negative.
In a general context, this little bug can be seen as another example of a truly global cybersecurity issue on Twitter.
Author:
Ekaterina Alipova
Source: RB
I am Bret Jackson, a professional journalist and author for Gadget Onus, where I specialize in writing about the gaming industry. With over 6 years of experience in my field, I have built up an extensive portfolio that ranges from reviews to interviews with top figures within the industry. My work has been featured on various news sites, providing readers with insightful analysis regarding the current state of gaming culture.
