Twitter: Change your Passwords

May 04, 2018

Twitter has urged all 330 million users to immediately change their passwords after discovering a bug that stored passwords in plain text in an internal system.

The social media giant say that they have since fixed the problem, and have seen “no indication of breach or misuse” after investigating.

However, the company advised all users to change their passwords out of an “abundance of caution”.

Experts have pointed out that companies with good security practices typically store user passwords in a form that cannot be read.

According to Twitter’s security processes, passwords are masked through a process called hashing, which replaces the actual password with a random set of numbers and letters that are then stored in the company’s system.

But due to the bug, the passwords were being written into an internal log in plain text before being masked by the hashing process.

According to technology expert, Phil Libin, Twitter’s error is worrying because there is no reason for a company to store user passwords in plain text.

He said: “This is not a breach. It’s significantly worse. This kind of bug seems grossly negligent at best.”

Twitter’s Chief Technology Officer, Parag Agrawal, has apologised for the mistake.