Twitter said today it has fixed a bug that hit its password recovery systems for 24 hours last week. Less than 10,000 active accounts were affected, but that the bug could have potentially exposed emails and phone numbers connected to those users. Accounts who were affected have already been notified.
Twitter also said that they would call on law enforcement officials to investigate any users who they find exploited the security bug to access someone else’s account information. TechCrunch has contacted the company to see if that did indeed happen.
Though the bug affected a tiny fraction of Twitter’s 320 million users, it’s yet another reminder to practice what the company refers to as “good security hygiene,” including double authentication.