I don't get how this could be used as an attack, unless whatever is displaying the tweet is vulnerable somehow? What kind of "reset code" are we talking about and why would just displaying it be harmful? Executing it I can understand, but just displaying?
Edit: I think I just figured it out, it's referring to "password reset code" that you can get if you try the "forget my password" option on login pages (not "code" as in "software code"), displaying that code would allow others to (possibly) set their own password for your account, would make sense as an attack vector in this case. Duh.
Edit: I think I just figured it out, it's referring to "password reset code" that you can get if you try the "forget my password" option on login pages (not "code" as in "software code"), displaying that code would allow others to (possibly) set their own password for your account, would make sense as an attack vector in this case. Duh.