We recently learned about — and immediately fixed — a bug that affected our password recovery systems for about 24 hours last week. The bug had the potential to expose the email address and phone number associated with a small number of accounts (less than 10,000 active accounts). We’ve notified those account holders today, so if you weren’t notified, you weren’t affected.
We take these incidents very seriously, and we’re sorry this occurred. Any user that we find to have exploited the bug to access another account’s information will be permanently suspended, and we will also be engaging law enforcement as appropriate so they may conduct a thorough investigation and bring charges as warranted.
While this issue did not expose passwords or information that could be used directly to access an account, it serves as a reminder to us all about the importance of good account security hygiene. Some suggestions:
For more information about making your Twitter and other Internet accounts more secure, read our Help Center and the FTC’s guide on passwords.