Twitter Fixes “Password Recovery Bug” That May Have Exposed Information Tied To 10,000 Accounts

Twitter says it has fixed a problem with its password recovery system that recently made vulnerable the emails and phone numbers associated with thousands of Twitter accounts. 
In a blog post late last night, Twitter confirmed that the glitch, which lasted around 24 hours last week, affected some 10,000 accounts.


“We take these incidents very seriously, and we’re sorry this occurred,” the company said in the blog post. “Any user that we find to have exploited the bug to access another account’s information will be permanently suspended, and we will also be engaging law enforcement as appropriate so they may conduct a thorough investigation and bring charges as warranted.”

Twitter says that while the issue did not expose passwords or information that could be used directly to access an account, it should serve as a reminder to users that they should practice “good account hygiene.”

That means users should consider activating two-factor authentication, create strong passwords, or require additional information – such as an email or mobile number – for login purposes.

Want more consumer news? Visit our parent organization, Consumer Reports, for the latest on scams, recalls, and other consumer issues.