Twitter disclosed an “incident” that affected the accounts of an unspecified number of users who chose to reset their passwords. According to the company, a “bug” introduced sometime last year meant that users were not logged out of their accounts on all of their devices after initiating a password reset.
“If you have proactively changed your password on one device, but still have a session open on another device, that session may not have closed,” Twitter explains in a brief blog post. “Web sessions were not affected and closed appropriately.”
Twitter says it is “proactively” logging some users out as a result of the error.
According to Engadget, the company attributed the problem to a “change in the systems that reset the password” that occurred sometime in 2021.
A Twitter spokesperson declined to say when the change was made or how many users were affected. “I can share that for most people, this would not have done any harm or settling an account,” the spokesperson said.
While Twitter states that “most people” have not had their accounts hacked as a result, the news can be concerning for those who have used shared devices, or dealt with a lost or stolen device in the past year.
It is worth noting that Twitter’s disclosure of the incident comes at a time when the company is facing allegations from a former security chief, who filed a whistleblower complaint accusing the company of “gross negligence” in its security practices.
Twitter has refused to address the allegations in detail, citing ongoing litigation with Elon Musk.
Musk is using the whistleblower’s allegations in his legal case to abandon his $44 billion deal to buy Twitter.