For a long time, Twitter didn’t log users out after they changed their password

If you changed your password on Twitter, you were not always logged out of your devices afterwards. This meant your account could still be used under the old login details.

Normally, after you change your password, all sessions should be logged out. This way you can be sure that your account is not accidentally left open on old devices. Twitter says it failed to perform this automatic session reset on some accounts. After the login credentials of these accounts were changed, sessions on devices where the new password had not yet been entered remained active. Twitter has informed the users for whom this is the case. It has also logged out all sessions of these accounts.
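A minimal sketch of the session reset described above, as an added example (not Twitter's code and not part of the original article). The `SessionStore` class, its credential-version counter and the sample account are assumptions made for illustration; with `revoke_on_change=False` it reproduces the reported behaviour, where a session opened with the old password stays valid after the change.

```python
import hashlib
import hmac
import secrets

def _hash(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

class SessionStore:
    """In-memory accounts and sessions (hypothetical, for illustration)."""
    def __init__(self, revoke_on_change):
        self.revoke_on_change = revoke_on_change
        self.users = {}     # name -> (salt, password_hash, credential_version)
        self.sessions = {}  # token -> (name, credential_version at login)

    def add_user(self, name, password):
        salt = secrets.token_bytes(16)
        self.users[name] = (salt, _hash(password, salt), 0)

    def login(self, name, password):
        # Unknown users get a dummy record whose empty hash never matches.
        salt, stored, version = self.users.get(name, (b"\0" * 16, b"", 0))
        if not hmac.compare_digest(stored, _hash(password, salt)):
            return None
        token = secrets.token_urlsafe(32)
        self.sessions[token] = (name, version)
        return token

    def is_valid(self, token):
        if token not in self.sessions:
            return False
        name, version = self.sessions[token]
        if not self.revoke_on_change:
            return True  # flawed: never re-checks the credential version
        return version == self.users[name][2]  # second check besides deletion

    def change_password(self, name, new_password):
        salt = secrets.token_bytes(16)
        version = self.users[name][2] + 1  # every change bumps the version
        self.users[name] = (salt, _hash(new_password, salt), version)
        if self.revoke_on_change:
            # Drop every session of this user; each device must log in again.
            self.sessions = {t: s for t, s in self.sessions.items() if s[0] != name}

def old_session_survives(revoke_on_change):
    store = SessionStore(revoke_on_change)
    store.add_user("alice", "old-password")       # constructed sample account
    phone = store.login("alice", "old-password")  # session on an old device
    store.change_password("alice", "new-password")
    return store.is_valid(phone)
```
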

This is how you control your Twitter sessions

Twitter did not report when and how the problem came to light. It does say that only a limited group of users was affected and that the session problem has been active since last year. Even so, the platform recommends that users who did not receive the email about the vulnerability check their open sessions.

Below we explain how you can check your Twitter sessions via the Android and iOS apps. Feel free to close sessions that you do not recognize, for example from web browsers or phones that you no longer own. This way you can be sure that others cannot simply access your account.

  1. Open the Twitter app on Android or iOS
  2. Click on your profile icon at the top right and then on Settings and privacy
  3. Then navigate to Security and account access
  4. In this menu, click on Apps and sessions
  5. Under Sessions, check which devices you no longer use
  6. Click on the session and then on Log out of the displayed device

Not the first security issue

This isn’t the first Twitter security vulnerability to be exposed this year. Earlier it emerged that a security vulnerability in the Android application caused the phone numbers and email addresses of 5.4 million users to be exposed. Peiter Zatko, an ex-Twitter director and now whistleblower, reported earlier this summer that Twitter isn’t up to par when it comes to security. Among other things, the company uses outdated software. Zatko says that reports of those problems were never taken seriously.




The article is in Dutch
