Twitter today said a bug in its password recovery systems exposed nearly 10,000 users' information, including email addresses and phone numbers, for about 24 hours last week. The company announced the news in a blog post this afternoon, clarifying that user passwords were not at risk and no accounts were breached. Twitter says it has already notified the affected users of the bug, so those who were not contacted were not affected.
"We take these incidents very seriously, and we’re sorry this occurred," writes Michael Coates, Twitter's trust and information security officer. "Any user that we find to have exploited the bug to access another account’s information will be permanently suspended, and we will also be engaging law enforcement as appropriate so they may conduct a thorough investigation and bring charges as warranted."
While this bug is relatively minor, Twitter says it's a good reason to check the security measures you have in place for your account. The company added two-step verification, which asks for confirmation of a login using a second device and an SMS message, back in May 2013 for its website and then later in August 2013 for iOS and Android. Twitter calls this feature login verification, and you can check whether you have it enabled in the "security and privacy" panel of your settings on twitter.com or through the service's mobile app by going to settings and then tapping security.