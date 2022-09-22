
Twitter discloses it wasn't logging users out of accounts after password resets

Sarah Perez and Zack Whittaker

Weeks after Twitter's ex-security chief accused the company of cybersecurity mismanagement, Twitter has now informed its users of a bug that didn't close all of a user's active logged-in sessions on Android and iOS after an account's password was reset. This issue could have implications for those who had reset their password because they believed their Twitter account could be at risk, for instance because of a lost or stolen device.

Assuming whoever had possession of the device could access its apps, they would have had full access to the impacted user's Twitter account.

In a blog post, Twitter explains that it had learned of the bug that had allowed "some" accounts to stay logged in on multiple devices after a user reset their password voluntarily.

Typically, when a password reset occurs, the session token that keeps a user logged into the app is also revoked -- but that didn't take place on mobile devices, Twitter says. Web sessions, however, were not impacted and were closed appropriately, it noted.

Twitter explains the bug came about after a change it made last year to the systems that powered its password resets, meaning the bug has existed for a number of months undetected. To address the issue, Twitter has now directly informed the affected users, proactively logged them out of their open sessions across devices and prompted them to log in again. The company didn't detail how many people were impacted, however.
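As an added illustration (not code from Twitter or from the article), the following Python model shows the revocation behaviour described above: a constructed reset routine that revokes only web sessions, beside one that revokes every session, plus a password-generation check that rejects stale mobile tokens even when the revocation path misses a platform. All names and the session store are hypothetical.

```python
"""Constructed model of password-reset session revocation."""
from dataclasses import dataclass, field
import secrets


@dataclass
class Session:
    platform: str       # "web", "android" or "ios" (constructed labels)
    password_gen: int   # password generation the token was issued under


@dataclass
class Account:
    password_gen: int = 1
    sessions: dict[str, Session] = field(default_factory=dict)


def login(acct: Account, platform: str) -> str:
    """Issue a session token bound to the current password generation."""
    token = secrets.token_urlsafe(16)
    acct.sessions[token] = Session(platform, acct.password_gen)
    return token


def reset_password_buggy(acct: Account) -> None:
    """Models the reported behaviour: only web sessions get revoked."""
    acct.password_gen += 1
    for tok, sess in list(acct.sessions.items()):
        if sess.platform == "web":
            del acct.sessions[tok]


def reset_password_fixed(acct: Account) -> None:
    """Revoke every session, whichever platform issued it."""
    acct.password_gen += 1
    acct.sessions.clear()


def valid_by_presence(acct: Account, token: str) -> bool:
    """Validation that only checks the token still exists in the store."""
    return token in acct.sessions


def valid_by_generation(acct: Account, token: str) -> bool:
    """Defence in depth: the token must also carry the current password
    generation, so a revocation path that misses a platform fails closed."""
    sess = acct.sessions.get(token)
    return sess is not None and sess.password_gen == acct.password_gen


def surviving_platforms(acct: Account) -> list[str]:
    """Audit helper: platforms of sessions that predate the last reset."""
    return sorted(s.platform for s in acct.sessions.values()
                  if s.password_gen < acct.password_gen)
```

Running surviving_platforms after a reset is the kind of check that would have surfaced the lingering Android and iOS sessions the article describes.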

"We take our responsibility to protect your privacy very seriously and it is unfortunate this happened," Twitter wrote in its announcement, where it also encouraged users to review their active open sessions regularly from the app's settings.

The issue is the latest in a long line of security incidents at the company in recent years, though it is not as severe as some in the past -- like the bug reported last month that had exposed at least 5.4 million Twitter accounts. In that case, a security vulnerability had allowed threat actors to compile information on Twitter users' accounts, which were then listed for sale on a cybercrime forum.


This past May, Twitter was also forced to pay $150 million in a settlement with the Federal Trade Commission for using personal information provided by users to secure their accounts, like emails and phone numbers, for ad targeting purposes. And in 2019, Twitter disclosed a bug that had shared some users' location data to partners, and another which also led to user data being shared with partners. Plus, it faced an issue where a security researcher had used a flaw in the Android app to match 17 million phone numbers with Twitter user accounts.

While it's helpful that Twitter is transparent about the bugs it finds and the fixes it makes, the company's overall cybersecurity issues are now under increased scrutiny following the whistleblower complaint filed by its former head of security, Peiter "Mudge" Zatko, in August.


Zatko alleged the company has been negligent in securing its platform, citing issues including a lack of employee device security, lack of protections around the Twitter source code, overbroad employee access to sensitive data and the Twitter service, a number of unpatched vulnerabilities, lack of data encryption for some stored data, an overly high number of security incidents, and more, as well as threats to national security.

In this context, even lesser bugs like the one disclosed this week may not be considered one-off missteps by a company, but rather yet another example of broader security issues at Twitter that deserve more attention.
