Twitter has revealed that last week there was a "bug" in its password recovery system which could have potentially exposed the email address and phone numbers of a "small number" of users. The company place this number at around less than 10,000 active accounts and all have been notified today: "If you weren't notified, you weren't affected," wrote Michael Coates, Twitter's trust and info security officer.
In a blog post, the company said that it discovered the bug last week and it was operational for about 24 hours. Upon its discovery, Twitter fixed it and concluded that no passwords and other pertinent information needed to directly access an account were exposed.
"We take these incidents very seriously, and we're sorry this occurred," Coates stated. "Any user that we find to have exploited the bug to access another account's information will be permanently suspended, and we will also be engaging law enforcement as appropriate so they may conduct a thorough investigation and bring charges as warranted."
The company took the opportunity to also remind users about "good account security hygiene, such as requiring additional information be needed to reset a password, using a strong password, implementing login verification, and revoking third-party app access privileges for those not recognizable.
More information:
Powered by VBProfiles
Twitter reveals there was a bug in its password recovery system, no information exposed
from VentureBeat >> Social Media Companies | Social Network News | VentureBeat http://ift.tt/1Q2btdj
via
No comments:
Post a Comment