Twitter password recovery bug exposes data of 10,000 users

The bug may have exposed the email addresses and phone numbers associated with user accounts.
Written by Charlie Osborne, Contributing Writer

Twitter has warned roughly 10,000 users that a bug discovered in the platform's password recovery system may have exposed their personal data.


In a blog post on Wednesday, Michael Coates, Twitter's Trust & Information Security officer, said the bug affected the microblogging platform's systems for approximately 24 hours last week.

The password recovery bug, while "immediately fixed," had the potential to expose the email addresses and phone numbers linked to user accounts.

Twitter has notified the 10,000 or so affected users, so if you haven't had an email from the company land in your inbox recently, you have nothing to worry about.

Twitter said the firm was "sorry" this occurred but did not reveal any additional details on the software flaw. Coates commented:

"Any user that we find to have exploited the bug to access another account's information will be permanently suspended, and we will also be engaging law enforcement as appropriate so they may conduct a thorough investigation and bring charges as warranted."

The bug is nothing as serious as a full-blown data breach, but the situation does highlight how a small software flaw can turn into information theft. The company did, however, patch the problem almost as soon as it was discovered, which is good news for users -- as the bug's reach could have been far worse.

Twitter recommends that users use strong passwords and consider implementing two-factor authentication processes -- which require a code sent to a linked mobile device before an account can be accessed -- and notes that if you wish to check where your account has been accessed and by whom, you have the option to check logs on the Twitter data dashboard.

The company also offers users the option to add additional information such as email addresses or phone numbers while going through the password reset process, instead of just the Twitter handle, as another layer of security you can opt for if you're concerned about account hijacking.

On Thursday, Twitter introduced two new features, allowing businesses to communicate to customers more easily through direct messaging, as well as a client feedback tool which gives companies the option to privately survey customer experiences.
