Twitter is emailing users whose account security was compromised by a bug last week, exposing email addresses and phone numbers linked to “a small number of accounts.”
In a blog post, the company said that fewer than 10,000 active accounts were affected.
A bug affected Twitter’s password recovery systems for about 24 hours last week, according to the emails sent by the company’s security team. One such email said that Twitter learned the email address linked to the user’s account had been viewed by another account.
“Any user that we find to have exploited the bug to access another account’s information will be permanently suspended, and we will also be engaging law enforcement as appropriate so they may conduct a thorough investigation and bring charges as warranted,” the email said.
Twitter suffered a high-profile spate of hacks in 2013. In one instance, the account for the Associated Press was compromised, tweeting false news about explosions in the White House that injured President Barack Obama. The fabricated report was quickly debunked, but not before the uncertainty caused a sharp drop in the stock market.
The hacks prompted Twitter to implement two-factor authentication, a heightened measure that requires access to both your password and your phone to enter your account. The latest breach, however, appeared to have been sparked by a software failing on Twitter’s part.
The company recommended steps users can take to enhance security, like setting a strong password of 10 or more characters and enabling its two-step log-in verification.