Twitter has applied a fix to what it described as a “password recovery bug” that has exposed nearly 10,000 accounts on the microblogging site.
The company added in a blog post that the e-mail addresses and phone numbers attached to those accounts had been affected by the security flaw. It said:
“We take these incidents very seriously, and we’re sorry this occurred.
“Any user that we find to have exploited the bug to access another account’s information will be permanently suspended, and we will also be engaging law enforcement as appropriate so they may conduct a thorough investigation and bring charges as warranted.”
In this instance, Twitter said that the security blunder had not revealed the affected users’ passwords.
It also reminded folk to ensure “good account security hygiene” by having strong passwords and considering options such as Twitter’s login verification tool.
SOURCE: Kelly Fiveash | Ars Technica