For a short time, estimated at 24 hours, Twitters password recovery system contained a bug that could have potentially exposed the email addresses and phone numbers of about 10,000 active account-holders.

The issue was fixed as soon as it was discovered and the problem did not expose passwords or any other information that could be used to directly access an account.

According to a post, Twitter said: "We take these incidents very seriously, and we're sorry this occurred. Any user that we find to have exploited the bug to access another account's information will be permanently suspended, and we will also be engaging law enforcement as appropriate so they may conduct a thorough investigation and bring charges as warranted.”

Twitter did not give the specifics of the bug, but said that resetting a password could result in accidental leakage of contact information.

Michael Kaiser, executive director of the National Cyber Security Alliance (NCSA),said: "When you reset your password on virtually any online service, the [new temporary] password is sent to an email address."

Kaiser praised Twitters fast response. “It seems like it was pretty fast, with only a small number of accounts affected, given the entire Twitter universe." As of Dec. 31, 2015, Twitter boasted 320 million monthly active users, per the company's website.

The company said it has alerted all customers affected by the bug.

Source: SCMagazine