Security on a global platform like Twitter is a 24/7 job – we are constantly evolving to respond to new threats and attacks against our users and our systems. In order to stay ahead of the game we staff dedicated account-, network-, enterprise-, corporate-, and application-security teams, as well as an incident detection and response team.
We recently learned about — and immediately fixed — a bug that affected our password recovery systems for about 24 hours last week. The bug had the potential to expose the email address and phone number associated with a small number of accounts (less than 10,000 active accounts). We’ve notified those account holders today, so if you weren’t notified, you weren’t affected.