Twitter has squashed a bug that could have exposed user email addresses and phone numbers, the company confirmed in a blog post on Wednesday.
For a period of 24 hours last week, an issue in Twitter’s password recovery system exposed the email addresses and phone numbers of user accounts, Michael Coates, the company’s trust and information security officer wrote in a blog post. Twitter quickly fixed the bug and the information is no longer accessible. The company said that it has notified affected users, though as of this writing, it’s believed to have impacted fewer than 10,000 of Twitter’s more than 320 million monthly active users.
“We take these incidents very seriously, and we’re sorry this occurred,” Coates wrote in his statement. “Any user that we find to have exploited the bug to access another account’s information will be permanently suspended, and we will also be engaging law enforcement as appropriate so they may conduct a thorough investigation and bring charges as warranted.”
Get Data Sheet, Coins2Day’s technology newsletter.
Coates was quick to add that the bug “did not expose passwords or information that could be used directly to access an account.” He added that Twitter did not identify any abuse of the bug.
In his blog post, Coates said that the bug is a “reminder” to users about practicing “good account security hygiene.” He suggested that users employ a strong password to access the social service and consider requiring that additional information, including a mobile phone number or email address, be input in order to reset a password. Coates also said users should remove the ability for unknown third-party applications to access data to protect their information.
That said, while the issue did not necessarily impact user security, it illustrates the trouble users face with protecting their own data. Indeed, data protection is not a one-sided game. While users could have strong passwords, use two-factor authentication, and employ other security techniques, if a company’s network is hacked, there’s little customers can do but watch their information fall into the hands of malicious parties.
For more, read: Upcoming Mac Update Fixes This Annoying Twitter Bug
Luckily, in this case, Twitter was not hacked and simply needed to quash a tiny bug.
Coates said that if a user did not receive an email from the company alerting them to the bug, they weren’t affected.