A Twitter flaw prevents users from logging out of their accounts

September 24, 2022

Concerned social media users have reported a Twitter flaw in which some accounts could not be logged out of other devices even after their passwords were changed. According to the report, if a user changes their Twitter account password while a session is still open on another device, the platform does not terminate that session, and the device continues to have access to the account.

This creates potential privacy risks for the Twitter users impacted by the vulnerability. Users who are logged in to their accounts on multiple devices may also encounter problems, since those sessions remain active even after the credentials are changed.

This report has prompted the social media company to reach out to those who might have been affected. Twitter admins stated that they logged all active sessions from all devices.

The company added that it has directly notified the individuals who were able to identify that they were also affected by the vulnerability. The company asked them to log in to their accounts after stopping all existing sessions from other devices.
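The failure mode described above, and the usual server-side mitigation, sketched as an added example (this is not Twitter's code; the `AccountStore` class, its method names and the sample account are hypothetical and constructed for illustration). The flawed path changes the password but leaves existing session tokens valid; the hardened path revokes every other session for that user.

```python
import hashlib, hmac, secrets

class AccountStore:
    """Toy in-memory account and session store (hypothetical, for illustration)."""

    def __init__(self):
        self.pw = {}        # user -> (salt, password hash)
        self.sessions = {}  # session token -> user

    def _hash(self, password, salt):
        return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

    def set_password(self, user, password):
        salt = secrets.token_bytes(16)
        self.pw[user] = (salt, self._hash(password, salt))

    def login(self, user, password):
        salt, stored = self.pw[user]
        if not hmac.compare_digest(stored, self._hash(password, salt)):
            raise PermissionError("bad credentials")
        token = secrets.token_urlsafe(32)
        self.sessions[token] = user
        return token

    def is_valid(self, token):
        return token in self.sessions

    def change_password_flawed(self, user, new_password):
        # Behaviour the article describes: credentials change, sessions survive.
        self.set_password(user, new_password)

    def change_password_hardened(self, user, new_password, current_token):
        # Rotate the credential, then revoke every session of this user
        # except the one that performed the change.
        self.set_password(user, new_password)
        revoked = [t for t, u in self.sessions.items()
                   if u == user and t != current_token]
        for t in revoked:
            del self.sessions[t]
        return len(revoked)

def demo():
    store = AccountStore()
    store.set_password("alice", "old-pass")      # constructed sample account
    laptop = store.login("alice", "old-pass")
    phone = store.login("alice", "old-pass")     # second device, session left open
    store.change_password_flawed("alice", "new-pass-1")
    survived = store.is_valid(phone)             # stale session still accepted
    revoked = store.change_password_hardened("alice", "new-pass-2", laptop)
    return survived, revoked, store.is_valid(phone), store.is_valid(laptop)
```

`demo()` returns whether the second device's session survived the flawed change, how many sessions the hardened change revoked, and the validity of each device's token afterwards.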

The newly discovered Twitter flaw is the second major incident reported in a year.

A couple of months ago, Twitter was also struck by a cybersecurity breach after an unidentified threat group sold a database that contained information connected to over 5 million stolen Twitter accounts from December last year.

Experts claimed that the threat actors used a Twitter flaw to gather the data. Fortunately, Twitter has already fixed the vulnerability.

However, a hacking forum confirmed the Twitter accounts listed in the stolen samples shared by the threat actors. All email addresses and mobile numbers from the stolen database were accurate.

The social media platform has also verified the reports by stating that the threat actors utilised a zero-day flaw. The concerning part of the incident is that the threat actors are using the hacked verified Twitter accounts to distribute well-written suspension messages that try to steal other users’ credentials.

As of now, Twitter has been sending an advisory to users regarding the two incidents affecting its systems.
