- ITDM 2025 전망 | “비전을 품은 기술 투자, 모두가 주춤한 시기에 진가 발휘할 것” 컬리 박성철 본부장
- The Model Context Protocol: Simplifying Building AI apps with Anthropic Claude Desktop and Docker | Docker
- This robot vacuum and mop performs as well as some flagship models - but at half the price
- Finally, a ThinkPad model that checks all the boxes for me as a working professional
- Why I recommend this Android phone for kids over a cheap Samsung or Motorola model
Twitter Password Reset Bug May Have Exposed User Accounts
Twitter has remediated an issue that allowed accounts to stay logged in across multiple devices even after a voluntary password reset.
In an update yesterday, the social media company explained that the bug meant users who proactively changed their passwords on one device may have still been able to access open sessions on other screens.
This is important, as users who choose password resets voluntarily may be doing so because they’re concerned their account has been compromised.
The bug meant that a threat actor who was able to access an account in some way would have continued to be able to do so even after such a reset.
It’s unclear exactly how long users have been exposed in this way, but Twitter explained that the issue appeared after it made a change “last year” to the systems that power its password reset functionality.
“We have directly informed the people we were able to identify who may have been affected by this, proactively logged them out of open sessions across devices, and prompted them to log in again,” the firm explained.
“We realize this may be inconvenient for some, but it was an important step to keep your account safe and secure from potential unwanted access.”
There remains a question over whether Twitter has notified all those affected. Users may want to proactively log out of their account and/or reset passwords across their devices in any case.
The social media giant encouraged all users to familiarize themselves with the security controls available in their settings and to review active open sessions regularly.
“You can also review how to reset a lost or forgotten password on our Help Center,” it added.
Twitter has been in the security news this year for all the wrong reasons.
In May it agreed to pay a $150m fine to settle a federal privacy suit over privacy data violations, while a few months later a former CSO blew the whistle on an alleged litany of security vulnerabilities and mismanagement at the firm.