Twitter bug could have exposed nearly 10,000 users’ phone numbers and email addresses
Twitter has fixed a bug that affected user accounts Getty Images

Twitter has said that its password recovery system was affected for 24 hours by a bug, which affected nearly 10,000 accounts. The bug could have potentially exposed email addresses and phone numbers of the accounts affected.

Twitter has confirmed in a blog post that the bug has been fixed. The social media giant also confirmed that user accounts had not been breached and that passwords were not at risk. However, the bug did affect some users, who Twitter has personally notified.

Twitter's trust and information security officer Michael Coates said in the post: "We recently learned about — and immediately fixed — a bug that affected our password recovery systems for about 24 hours last week. We take these incidents very seriously, and we're sorry this occurred."

Coates also goes on to reassure users that should the tech firm's security team find anyone who has "exploited this bug to access another account's information", Twitter will immediately and permanently suspend the said offender's account. In efforts to express the seriousness of the potential security issue, Twitter has also said that it will initiate "a thorough investigation and bring charges as warranted".

Although the bug affected a minor section of Twitter's over 300 million users, the post suggests that users adopt "good security hygiene" by incorporating certain security measures for their Twitter accounts. Coates urges users to consider using the app's two-step verification feature, which offers users an additional login verification check to ensure that "you and only you can access your Twitter account".

Twitter also suggested that users revoke access privileges of any third-party applications that "you do not recognise". Users are also cautioned to utilise the tech firm's additional information feature when initiating a password recovery or reset process. This feature requires users to enter additional information, like a phone number or email address when requesting for a password reset notification. Users can opt to activate these additional security features via settings in either Twitter's website or its mobile app.