Twitter Password Bug Exposed Phone Numbers
A bug in Twitter’s password recovery system exposed the personal information of almost 10,000 active users. The exposed information was limited to the email addresses and phone numbers associated with the affected accounts. Michael Coates, Twitter’s Trust & Information Security Officer, announced the bug and its remediation in a blog post. He wrote, “Any user that we find to have exploited the bug to access another account’s information will be permanently suspended, and we will also be engaging law enforcement as appropriate so they may conduct a thorough investigation and bring charges as warranted.”
The company has fixed the bug and notified all affected users. Luckily, this bug did not expose users’ passwords or other credentials. The report comes during an already difficult time for the social media giant. Earlier this month, Twitter users revolted against a proposed change to the Twitter timeline. Reports indicated that the Twitter interface was slated to introduce a Facebook-style timeline based on an algorithm that selected and ordered tweets, rather than the current reverse-chronological timeline, which shows users every tweet in real time. Users pronounced it to be the death of Twitter with the hashtag #RIPTwitter.
As part of the announcement, Coates took the opportunity to remind Twitter users to practice “good account security hygiene.” He advised users to enable two-factor authentication for password resets and account access, to check the Applications tab at http://twitter.com/settings/applications and ensure no unauthorized third-party apps have access to their accounts, and to review account logins through the Twitter dashboard in their settings.