Twitter says it didn’t log users out of accounts after password resets • CableFree TV

Published by
Peter Kavinsky

Weeks after Twitter’s former security chief accused the company of cybersecurity mismanagement, Twitter has now informed its users of a bug that failed to close all active sessions signed in on Android and iOS after an account password reset. The issue could have implications for those who reset their password because they believed their Twitter account might be at risk, for example because of a lost or stolen device.

Assuming that whoever had possession of the device could access its apps, they would have full access to the affected user’s Twitter account.

In a blog post, Twitter explains that it had become aware of a bug that allowed “some” accounts to remain logged in across multiple devices after a user voluntarily reset their password.

Typically, when a password reset occurs, the session token that keeps the user logged in is also revoked, but this did not happen on mobile devices, according to Twitter. Web sessions, however, were not affected and were closed accordingly.
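The revocation behaviour described above can be modelled in a few lines. This is an added example, not Twitter's code: the page does not say why mobile tokens survived, so the per-client revocation shown as the weak pattern is an assumption that reproduces the symptom, and `SessionStore`, its methods and the client labels are hypothetical names.

```python
import secrets

class SessionStore:
    """Constructed in-memory model; names and client labels are hypothetical."""

    def __init__(self):
        self.generation = {}  # user -> credential generation counter
        self.sessions = {}    # token -> (user, client, generation at login)

    def login(self, user, client):
        token = secrets.token_urlsafe(32)
        gen = self.generation.setdefault(user, 0)
        self.sessions[token] = (user, client, gen)
        return token

    def is_valid(self, token):
        entry = self.sessions.get(token)
        if entry is None:
            return False
        user, _client, gen = entry
        return gen == self.generation[user]

    def reset_password_per_client(self, user):
        # Weak pattern (assumed): revocation enumerates client types, so any
        # type missing from the list keeps its sessions after the reset.
        for token, (u, client, _gen) in list(self.sessions.items()):
            if u == user and client == "web":
                del self.sessions[token]

    def reset_password(self, user):
        # Hardened pattern: bump the generation so every token issued before
        # the reset fails validation, whatever client it was issued to.
        self.generation[user] = self.generation.get(user, 0) + 1

    def surviving_clients(self, user):
        return sorted(c for t, (u, c, _g) in self.sessions.items()
                      if u == user and self.is_valid(t))

def demo(reset_name):
    # Constructed scenario: one user signed in on three client types.
    store = SessionStore()
    for client in ("web", "android", "ios"):
        store.login("alice", client)
    getattr(store, reset_name)(("alice"))
    return store.surviving_clients("alice")

if __name__ == "__main__":
    print("per-client reset leaves:", demo("reset_password_per_client"))
    print("generation reset leaves:", demo("reset_password"))
```

Asserting that `surviving_clients` is empty after every reset path is the kind of regression check that would flag this class of bug when the reset systems change.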

Twitter explains that the bug came about after changes were made last year to the systems behind password resets, meaning the bug existed undetected for months. To address the issue, Twitter is now informing affected users directly, proactively logging them out of open sessions across devices, and prompting them to log back in. However, the company did not specify how many people were affected.

“We take our responsibility to protect your privacy very seriously and unfortunately this has happened,” Twitter wrote in its announcement, where it also urged users to view their active open sessions regularly from the app settings.

The issue is the latest in a long line of security incidents at the company in recent years, though it’s not as severe as some in the past, like the bug reported last month that exposed at least 5.4 million Twitter accounts. In that case, a security vulnerability allowed attackers to collect information about Twitter user accounts, which were then put up for sale on a cybercriminal forum.

Last May, Twitter was also forced to pay $150 million as part of a settlement with the Federal Trade Commission for using personal information provided by users to protect their accounts, such as email addresses and phone numbers, for ad targeting purposes. And in 2019, Twitter disclosed a bug through which the location data of some users was transmitted to partners, and another that also led to user data being shared with partners. It also ran into a problem when a security researcher exploited a vulnerability in an Android app to match 17 million phone numbers with Twitter user accounts.

While it’s helpful that Twitter is open about bugs it finds and fixes, the company’s general cybersecurity issues are currently under scrutiny after a whistleblower complaint filed by former head of security Peiter “Mudge” Zatko in August.

Zatko claimed that the company was negligent in protecting its platform, citing issues such as a lack of security for employee devices, a lack of security for Twitter source code, excessive employee access to sensitive data and the Twitter service, a number of unpatched vulnerabilities, a lack of data encryption for some stored data, an excessive number of security incidents and much more, as well as threats to national security.

In that context, even smaller bugs like the one uncovered this week might be seen not as one-off mistakes by the company, but rather as another example of Twitter’s broader security issues that deserve more attention.

Peter Kavinsky is the Executive Editor at cablefreetv.org
