Twitter has decided to proactively log out users from their accounts after a previously discovered bug resurfaced, preventing them from logging out of their accounts on all of their devices when they make a password reset.
According to a statement from Twitter quoted on Engadget, once users change passwords on one device, but have an ongoing session on another device, this session may not have been closed. Web sessions, Twitter added, were not affected by the bug and were closed properly.
This issue, Twitter further said, was due to "a change to the systems that power password resets" that happened in 2021.
Most Twitter Users Unaffected, Says Company
Twitter users who were affected by this bug have to deal with some privacy risks, such as people accessing their accounts accessed when these individuals possess their devices that remained logged in without the user's knowledge.
As a result, Twitter reached out to affected users and logged them out of their accounts from all their active sessions on all their devices.
Twitter said it has "directly informed the people we were able to identify who may have been affected by this, proactively logged them out of open sessions across devices, and prompted them to log in again."
Twitter Move 'important Step to Account Safety, Security'
While Twitter knows this could be "inconvenient for some," but added, "it was an important step to keep your account safe and secure from potential unwanted access."
Twitter said, however, the accounts of most of its users would not have been compromised and that the issue would not cause any harm to them. But this obviously would impact users who use the platform on multiple devices simultaneously or have lost a device with their accounts open.
Issue Comes Amidst Whistleblower Allegations of 'Grossly Negligent' Security Practices
This issue comes as Twitter faces charges from its ex-head of security Peiter Zatko, who claimed the platform was "grossly negligent" in its security practices. Twitter has made no action to address these allegations due to its ongoing legal proceedings with Elon Musk. The multibillionaire Tesla and SpaceX CEO is using Zatko's claims in his court bid to withdraw from his $44 billion deal to buy Twitter.
Read also: Elon Musk Allowed to Cite Twitter Whistleblower Claims, But Can't Delay Trial: Delaware Judge
2021 Data Breach Exposes Millions of User Data to Threat Actors
In July, a data breach hit Twitter as attackers put up for sale a database of phone numbers and email addresses linked to 5.4 million Twitter accounts stolen in December 2021.
These attackers used the zero-day vulnerability patched in January to collect private user information.
Since July, those hacked verified Twitter accounts were still being used to send fake but well-crafted suspension messages in their attempts to steal moreverified users' credentials in an expanded data breach.