Twitter on Thursday sent emails out to a handful of users telling them their attempt to log out of certain devices didn’t actually work, even after a password reset.
The ‘oops, lol’ email pointed the finger at a “recent technical issue”. But in a blog post expanding on the issue, Twitter said the bug was introduced after it made a change to the systems that power password resets last year.
The bug meant that if you proactively changed your password on one device, but still had an open session on another device, that session may not have been closed. Web sessions were not affected and were closed appropriately, Twitter confirmed.
[related_content first=”1700653″]
In the email, Twitter said it logged affected users out of all active Twitter sessions.
“We have directly informed the people we were able to identify who may have been affected by this, proactively logged them out of open sessions across devices, and prompted them to log in again,” Twitter wrote.
“We realise this may be inconvenient for some, but it was an important step to keep your account safe and secure from potential unwanted access.”
Twitter continued by saying it was “unfortunate” that the issue happened.
While it seems like a minor ‘thing’, the issue could have implications for those who had reset their password because they believed their Twitter account could be at risk, such as if their mobile device was lost or stolen.
If you have been logged out, you can log back into your account on all devices with no issues. But if you think someone may have accessed your Twitter account thanks to the password bug, you can review all recent Twitter sessions in your ‘account settings’.
As TechCrunch points out, news of the password bug follows just weeks after Twitter’s ex-security chief accused the company of cybersecurity mismanagement.
“We recognise and appreciate the trust you place in us, and are committed to earning that trust every day,” Twitter concludes its blog with.