Twitter announced this week that it recently fixed a bug that kept users logged in to their accounts on multiple devices after they performed a voluntary password reset. The microblogging website also said that it logged out those who might have been affected due to the bug. The company also advised users to review the controls available in the settings menu and to monitor active open sessions regularly. The company’s disclosure of the bug comes weeks after it was accused by former security chief Peiter Zatko of poor security practices, failing to tackle fake accounts, and allowing foreign governments to place agents on the company’s payroll.

In a blog post, Twitter announced that a bug was introduced after it made a change to its systems that power password resets last year. The company said that the bug allowed Twitter accounts to stay logged in from multiple devices after a voluntarily password reset. “That means that if you proactively changed your password on one device, but still had an open session on another device, that session may not have been closed,” Twitter said.