SAN FRANCISCO, Sept 22 ― Twitter may be one of the biggest social media sites out there, but that hasn’t stopped it having its own share of security issues. The latest trouble Twitter is having involves an incident affecting password resets on Twitter.
According to them, there was a bug that had allowed Twitter accounts to remain logged in on multiple devices, even after you’ve reset your password. Essentially, if you had changed your Twitter account’s password on one device, but had Twitter logged in on your other devices, you’ll remain logged in on those other devices even though you’ve changed your password. Understandably, this is a pretty bad thing as if you were resetting your password due to your account security being compromised, any bad actors with access to it will still have access to it.
Twitter says that the bug surfaced last year during a change to the password system, and has since been fixed. They’ve also directly informed the users that they were able to identify who would have been affected by this, as well as logging them out of their Twitter and prompting them into logging back in again. If you’ve suddenly found yourself logged out, this is perhaps why. Do note though that this is only dependent on whether Twitter could determine if you were affected, so if you’ve changed your password sometime since last year, you might want to check where your account is currently logged in on to be sure.
You can also log out of all other open sessions to be extra safe if you feel like you were affected by this. To do so, head over to the Settings page on Twitter, then go to Security and account access. From there, click on Apps and sessions, then hit Sessions, and you’ll be able to see your current active Twitter session, as well as all other devices which you’re currently logged in to. If you don’t recognise any of these devices, you can then choose to log out of all other sessions except the one you’re using.