Hundreds of millions of Twitter users are being advised to change their passwords after an error inadvertently exposed some of those passwords in plain text, an unmasked form, on the company's internal network.
Passwords are usually put through a process called “hashing”, which makes them difficult to read. However, a bug caused the passwords to be stored in the internal computer log before the process was complete, potentially exposing the information.
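The failure mode described above, as an added example that is not code from Twitter or from the original article: a sign-up handler logs the raw request before the password is hashed, and a logging filter masks the password field before the line is written. The field names, logger name and sample request are constructed assumptions, and PBKDF2 stands in for whatever hashing Twitter uses.

```python
import hashlib
import logging
import os

SENSITIVE_KEYS = {"password", "new_password"}  # assumed field names, not Twitter's


class RedactSecrets(logging.Filter):
    """Mask sensitive fields in a logged dict before any handler writes it."""

    def filter(self, record):
        if isinstance(record.args, dict):
            record.args = {k: "[REDACTED]" if k in SENSITIVE_KEYS else v
                           for k, v in record.args.items()}
        return True


class ListHandler(logging.Handler):
    """Stand-in for the internal log: keeps formatted lines in memory."""

    def __init__(self):
        super().__init__()
        self.lines = []

    def emit(self, record):
        self.lines.append(record.getMessage())


def signup(form, logger):
    # The bug pattern: the raw request is logged before the password is hashed.
    logger.info("signup request: %s", form)
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", form["password"].encode(), salt, 600_000)
    return {"username": form["username"], "salt": salt, "hash": digest}


def run(redact):
    logger = logging.getLogger("signup-demo")  # hypothetical logger name
    logger.setLevel(logging.INFO)
    logger.propagate = False
    logger.handlers.clear()
    logger.filters.clear()
    handler = ListHandler()
    logger.addHandler(handler)
    if redact:
        logger.addFilter(RedactSecrets())
    form = {"username": "alice", "password": "correct horse battery staple"}  # constructed
    return handler.lines, signup(form, logger)


if __name__ == "__main__":
    print(run(redact=False)[0])  # password visible in the log line
    print(run(redact=True)[0])   # password replaced by [REDACTED]
```

The stored record holds only the salt and the hash in both runs; the difference is what reaches the log.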
In a blog post about the bug, Twitter urged users not to panic but admitted that the way the information had been stored left some of them in readable form.
“When you set a password for your Twitter account, we use technology that masks it so no one at the company can see it. We recently identified a bug that stored passwords unmasked in an internal log. We have fixed the bug, and our investigation shows no indication of breach or misuse by anyone.
“Out of an abundance of caution, we ask that you consider changing your password on all services where you’ve used this password.”
Twitter did not disclose how many user passwords had been exposed. The BBC reported that a source told Reuters that Twitter discovered the bug a “few weeks ago and has reported it to some regulators”.
Twitter encourages people to change their passwords, not only on Twitter but also anywhere else that particular password was used.
Here’s what they recommend:
1. Change your password on Twitter and on any other service where you may have used the same password.
2. Use a strong password that you don’t reuse on other websites.
3. Enable login verification, also known as two-factor authentication. This is the single best action you can take to increase your account security.
4. Use a password manager to make sure you’re using strong, unique passwords everywhere.