Twitter may be one of the biggest social media sites out there, but that hasn’t stopped it having its own share of security issues. The latest trouble Twitter is having involves an incident affecting password resets on Twitter.
According to Twitter, a bug allowed Twitter accounts to remain logged in on multiple devices even after a password reset. Essentially, if you changed your Twitter account’s password on one device while logged in to Twitter on your other devices, you would remain logged in on those other devices despite the password change. Understandably, this is a pretty bad thing: if you were resetting your password because your account had been compromised, any bad actors with access to it would still have access to it.
We fixed a bug that didn't close all active logged in sessions on Android and iOS after an account's password was reset. To keep your account safe, we logged some of you out. You can log back in to keep using Twitter.
— Twitter Support (@TwitterSupport) September 21, 2022
For more details on what happened: https://t.co/OmjLKOe5bs
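The class of bug described above, shown as an added example that is not from Twitter or the original article: a password reset that leaves some sessions alive, beside a hardened reset that revokes every session and also stamps sessions with a credential generation. The `SessionStore` model, the client names and the assumption that only web sessions were revoked are hypothetical, since the article does not describe Twitter's implementation.

```python
import secrets
from dataclasses import dataclass, field


@dataclass
class Account:
    password: str        # plaintext only to keep the model short
    generation: int = 0  # bumped on every password reset


@dataclass
class SessionStore:
    """Hypothetical in-memory model; not Twitter's implementation."""
    accounts: dict = field(default_factory=dict)
    sessions: dict = field(default_factory=dict)  # token -> (user, client, generation)

    def login(self, user, password, client):
        acct = self.accounts[user]
        if not secrets.compare_digest(acct.password, password):
            raise PermissionError("bad credentials")
        token = secrets.token_urlsafe(16)
        self.sessions[token] = (user, client, acct.generation)
        return token

    def reset_password_buggy(self, user, new_password):
        # Assumed defect: only one client type is revoked, so sessions
        # on the other clients survive the reset.
        self.accounts[user].password = new_password
        self.sessions = {t: s for t, s in self.sessions.items()
                         if not (s[0] == user and s[1] == "web")}

    def reset_password(self, user, new_password, keep=None):
        # Hardened: bump the generation and drop every session for the user,
        # re-stamping only the session that performed the reset (if given).
        acct = self.accounts[user]
        acct.password = new_password
        acct.generation += 1
        for t, s in list(self.sessions.items()):
            if s[0] == user:
                if t == keep:
                    self.sessions[t] = (user, s[1], acct.generation)
                else:
                    del self.sessions[t]

    def is_valid(self, token):
        # Defence in depth: a session that escaped deletion still fails
        # because its generation no longer matches the account's.
        s = self.sessions.get(token)
        return s is not None and s[2] == self.accounts[s[0]].generation
```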
Twitter says that the bug surfaced last year during a change to the password system, and has since been fixed. It has also directly informed the users it was able to identify as affected, logged them out of Twitter and prompted them to log back in. If you’ve suddenly found yourself logged out, this is perhaps why. Do note though that this depends on whether Twitter could determine that you were affected, so if you’ve changed your password at any point since last year, you might want to check where your account is currently logged in to be sure.
You can also log out of all other open sessions to be extra safe if you feel like you were affected by this. To do so, head over to the Settings page on Twitter, then go to Security and account access. From there, click on Apps and sessions, then hit Sessions, and you’ll be able to see your current active Twitter session, as well as all other devices which you’re currently logged in to. If you don’t recognise any of these devices, you can then choose to log out of all other sessions except the one you’re using.
For more information on the Twitter password reset bug, you can check out their full blog post on the issue here.