Twitter Recommends All Users Change Their Passwords
Following the discovery of a bug that exposed user’s passwords to the risk of being stolen, Twitter has recommended that all users change their password, as well as changing their passwords on any site where they use the same password. While no breach or misuse of the information was detected by the company, they are still recommending that all users change their passwords ‘out of an abundance of caution’.
We recently found a bug that stored passwords unmasked in an internal log. We fixed the bug and have no indication of a breach or misuse by anyone. As a precaution, consider changing your password on all services where you’ve used this password. https://t.co/RyEDvQOTaZ
— Twitter Support (@TwitterSupport) May 3, 2018
The bug involved the process by which the company protects users password, called hashing. Hashing converts the users passwords into a random string of numbers and letters. The password you enter is then also hashed and compared to the stored value, allowing Twitter to validate your credentials without compromising security. The bug caused the passwords to be written to an internal log before completing the process.
The company has removed the passwords and are taking measures to prevent this from occurring again.
Written by Brian McGloughlin