Twitter said in a blog post Wednesday that a bug in its password recovery system could have impacted about 10,000 accounts. The bug was active for about 24 hours last week, before Twitter discovered and quashed it. Twitter claims the glitch did not leak any passwords, but it may have revealed email addresses and phone numbers associated with affected accounts.
"We take these incidents very seriously, and we’re sorry this occurred," the company wrote. "Any user that we find to have exploited the bug to access another account’s information will be permanently suspended, and we will also be engaging law enforcement as appropriate so they may conduct a thorough investigation and bring charges as warranted."
Twitter also cautioned people to exercise "good account security hygiene." The company said it has notified all affected users.
[via Ars Technica]