- Twitter revealed that a bug caused passwords to be shown in plain text in its internal systems.
- As a result, Twitter suggested that its users change their passwords.
- Twitter did not say how many passwords were affected, though the number is reportedly “substantial.”
Typically, passwords enter a hashing process that replaces them with a random set of numbers and letters. The process prevents hackers from accessing passwords if they manage to enter Twitter’s systems.
However, the bug caused passwords to be improperly stored in plain text on internal logs. Twitter supposedly found the bug itself and fixed the issue, with the site saying there is “no reason to believe password information ever left Twitter’s systems or was misuses by anyone.”
Twitter nonetheless suggested that its users change their passwords “out of an abundance of caution.” If you want to be extra safe, Twitter even suggested that users change the passwords of other accounts that use their Twitter passwords.
We recently discovered a bug where account passwords were being written to an internal log before completing a masking/hashing process. We’ve fixed, see no indication of breach or misuse, and believe it’s important for us to be open about this internal defect. https://t.co/BJezo7Gk00
— jack (@jack) May 3, 2018
The social media site did not say how many passwords were affected by the bug. One source told Reuters said the number is “substantial” and that the passwords were exposed for “several months.”
The same source also said that Twitter reported the bug to some regulators.
The news could not come at a worse time for Twitter. Uber and Facebook’s security incidents, among other high-profile data breaches, have lawmakers and regulators around the world scrutinizing how companies store and secure consumer data.
Twitter could face similar scrutiny in the near future due to the bug. In the meantime, now would be a great time to change your passwords and enable two-factor authentication. Maybe consider a password manager as well?