Twitter discloses it wasn’t logging users out of accounts after password resets

Weeks after Twitter’s ex-security chief accused the company of cybersecurity mismanagement, Twitter has now informed its users of a bug that didn’t close all of a user’s active logged-in sessions on Android and iOS after an account’s password was reset. This issue could have implications for those who had reset their password because they believed their Twitter account could be at risk, perhaps because of a lost or stolen device, for instance.
Assuming whoever had possession of the device could access its apps, they would have had full access to the impacted user’

リンク元