Twitter discloses it wasn’t logging users out of accounts after password resets

2 years ago
Anonymous $CIOZ56dzxX

https://techcrunch.com/2022/09/22/twitter-discloses-it-wasnt-logging-users-out-of-accounts-after-password-resets/

Weeks after Twitter’s ex-security chief accused the company of cybersecurity mismanagement, Twitter has now informed its users of a bug that didn’t close all of a user’s active logged-in sessions on Android and iOS after an account’s password was reset. This issue could have implications for those who had reset their password because they believed their Twitter account could be at risk, perhaps because of a lost or stolen device, for instance.

Assuming whoever had possession of the device could access its apps, they would have had full access to the impacted user’s Twitter account.

Sep 22, 2022, 4:39pm UTC