10,000 Twitter Users Affected By Password Recovery Bug
Twitter has confirmed that it patched a flaw in its password recovery system, which the company refers to as a “password recovery bug.” The bug affected thousands of Twitter accounts, and the company added that it could have exposed not only affected users’ email addresses but also their phone numbers.
In a blog post, Twitter confirmed that the bug affected fewer than 10,000 accounts on the micro-blogging site.
“We take these incidents very seriously, and we’re sorry this occurred,” the company said in the blog post. “Any user that we find to have exploited the bug to access another account’s information will be permanently suspended, and we will also be engaging law enforcement as appropriate so they may conduct a thorough investigation and bring charges as warranted.”
Twitter also said that the flaw did not expose affected users’ passwords or any other information that could be used directly to access their accounts, but that it should serve as a reminder for users to practice “good account security hygiene.”
Michael Coates (Trust & Info Security Officer @Twitter, @OWASP Global Board) wrote:
We recently learned about — and immediately fixed — a bug that affected our password recovery systems for about 24 hours last week. The bug had the potential to expose the email address and phone number associated with a small number of accounts (less than 10,000 active accounts).
We’ve notified those account holders today, so if you weren’t notified, you weren’t affected.
We take these incidents very seriously, and we’re sorry this occurred. Any user that we find to have exploited the bug to access another account’s information will be permanently suspended, and we will also be engaging law enforcement as appropriate so they may conduct a thorough investigation and bring charges as warranted.
While this issue did not expose passwords or information that could be used directly to access an account, it serves as a reminder to us all about the importance of good account security hygiene. Some suggestions:
Require additional information be entered in order to initiate a password reset. This feature will require that you enter your account email address or mobile number, in addition to your username, in order to send a password reset email or SMS/text.
Be sure to use a strong password – at least 10 (but more is better) characters and a mixture of upper and lowercase letters, numbers, and symbols – that you are not using for any other accounts or sites.
Consider using login verification. Instead of relying on just a password, login verification introduces a second check to make sure that you and only you can access your Twitter account.
Check the Applications tab at http://twitter.com/settings/applications and revoke the access privileges of any third party applications that you do not recognize.
If you’d like to review logins for your account you can do that at the Twitter data dashboard in your settings.
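The first suggestion in the post above, requiring the account’s email address or phone number in addition to the username before a password reset is initiated, is a design choice rather than just a setting, and it is easiest to see in code. The following Python is an added example written for this page; it is not Twitter’s code, and the page does not describe how Twitter’s bug actually worked. The account store, the sample accounts, the helper names and the uniform response text are all constructed for the illustration, and the “leaky” variant is a generic contrast, not a description of Twitter’s implementation.

```python
"""Password-reset initiation that requires a second identifier and never echoes
stored contact details to the caller.

Added example, not Twitter's code. Accounts, helper names and responses below
are constructed for this illustration.
"""
import hashlib
import hmac
import secrets
from dataclasses import dataclass


@dataclass(frozen=True)
class Account:
    username: str
    email: str   # stored normalized: lower-case, stripped
    phone: str   # stored normalized: '+' and digits only


# Constructed sample data; these are not real accounts.
ACCOUNTS = {
    "alice": Account("alice", "alice@example.com", "+15555550100"),
    "bob":   Account("bob",   "bob@example.net",   "+15555550101"),
}

# Hash of each outstanding reset token, keyed by username (in-memory for the example).
ISSUED_TOKENS: dict[str, str] = {}

# Same text whether or not anything matched, so the response leaks nothing.
UNIFORM_RESPONSE = "If the details match an account, a reset link has been sent."


def _normalize_email(value: str) -> str:
    return value.strip().lower()


def _normalize_phone(value: str) -> str:
    # Keep only '+' and digits so "+1 (555) 555-0100" compares equal to "+15555550100".
    return "".join(ch for ch in value if ch.isdigit() or ch == "+")


def _matches(stored: str, supplied: str) -> bool:
    # Constant-time comparison; a length mismatch simply returns False.
    return hmac.compare_digest(stored.encode(), supplied.encode())


def initiate_reset_weak(username: str) -> str:
    """Generic leaky flow for contrast (NOT Twitter's implementation): a username
    alone is enough, the error reveals whether the username exists, and the
    success message hands the account's contact details to whoever asked."""
    acct = ACCOUNTS.get(username)
    if acct is None:
        return "No such user."
    return f"Reset sent to {acct.email} and {acct.phone}"


def initiate_reset(username: str, contact: str) -> str:
    """Hardened flow: the caller must supply the email or phone already on file
    in addition to the username. The response is identical in every case and
    never includes stored contact data; the reset token goes out of band to the
    contact on file, never back to the requester."""
    acct = ACCOUNTS.get(username)
    supplied_email = _normalize_email(contact)
    supplied_phone = _normalize_phone(contact)

    matched = False
    if acct is not None:
        matched = _matches(acct.email, supplied_email) or _matches(acct.phone, supplied_phone)

    if matched:
        token = secrets.token_urlsafe(32)
        # Store only a hash; the raw token is delivered to acct.email / acct.phone
        # (delivery omitted here) and compared by hash when the link is used.
        ISSUED_TOKENS[username] = hashlib.sha256(token.encode()).hexdigest()

    return UNIFORM_RESPONSE


def reset_was_issued(username: str) -> bool:
    """Server-side check used by the test; a client never sees this."""
    return username in ISSUED_TOKENS


if __name__ == "__main__":
    print(initiate_reset_weak("alice"))                  # leaks contact details
    print(initiate_reset("alice", "alice@example.com"))  # uniform text, token issued
    print(initiate_reset("bob", "wrong@example.org"))    # same text, nothing issued
    print(initiate_reset("nobody", "x@example.org"))     # same text, no enumeration
```

The point of the hardened version is that an attacker who knows only a username learns nothing from the endpoint: the response text, the token issuance and the comparison time do not depend on whether the username exists or the contact matched, and the contact details on file are never part of the reply. Rate limiting of reset requests per username and per source is still needed on top of this, but it is out of scope for the snippet.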
In short, users should enable two-factor authentication (Twitter’s login verification), choose strong passwords that are not reused elsewhere, and turn on the option that requires additional information, such as the account’s email address or mobile number, before a password reset can be initiated.
Twitter has made several security-related announcements in recent months: it began warning users whose accounts might be targeted by attackers, and it announced the formation of the Twitter Trust & Safety Council to strengthen users’ trust in the social network.