Twitter Fixes Bug that Leaked E-Mails, Phone Numbers of 10,000 Users

A bug that affected Twitter's password recovery systems for about 24 hours last week is believed to have exposed the e-mail addresses and phone numbers of about 10,000 users, the company said yesterday in a blog post. Twitter said it "immediately fixed" the problem after it was identified, and will be working with law enforcement authorities "as appropriate."

The company did not respond to our request for more details about how the bug was identified or its ongoing investigation. However, all the affected account holders have been notified, and the bug did not expose users' passwords or other information that could allow unauthorized account access, according to the Twitter blog update.

Although it affected only a small number of Twitter's 320 million monthly active users, the issue "serves as a reminder to us all about the importance of good account security hygiene," said Twitter's trust and security officer Michael Coates in the post.

Investigation Is Pending

In addition to relaying an apology from the company, Coates noted that Twitter is working with law enforcement to "conduct a thorough investigation and bring charges as warranted." He added that the company will also permanently suspend any users found to have exploited the bug while it was active to gain unauthorized access to the account information of other users.

Twitter users can help to protect their account information by using two-factor authentication and strong passwords with at least 10 characters, including uppercase and lowercase letters, numbers and symbols, Coates said. Users should also check their settings to revoke access privileges for any third-party applications they don't recognize and require e-mail addresses and mobile phone numbers for password resets, he said.

In a recent commentary on Medium, Coates said that the Internet should be protected by a "basic set of user rights" recognized by both tech...
