Twitter is suggesting that users change their Twitter passwords after a technical glitch led to their exposure in an internal log.
“We recently identified a bug that stored passwords unmasked in an internal log. We have fixed the bug, and our investigation shows no indication of breach or misuse by anyone,” Twitter chief technology officer Parag Agrawal wrote in a blog post on Thursday, May 3.
“Out of an abundance of caution, we ask that you consider changing your password on all services where you’ve used this password.”
Not an ideal situation, we would think.
Bug led to Twitter passwords being stored in plaintext
Agrawal explains that every user’s Twitter password is masked through a process called hashing, which uses a function known as bcrypt.
The process replaces the actual password with a seemingly random string of numbers and letters, and that string is what gets stored in Twitter’s system. That allows Twitter to validate a user’s account credentials without revealing their password.
“Due to a bug, passwords were written to an internal log before completing the hashing process,” Agrawal writes. “We found this error ourselves, removed the passwords, and are implementing plans to prevent this bug from happening again.”
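The class of bug described above can be shown in a short added example (not Twitter's code): a signup handler logs the raw request before hashing, and a logging filter masks the password field before anything is written. The field names, the logger names and the use of PBKDF2 from the Python standard library in place of bcrypt are assumptions made for this sketch.

```python
import hashlib, hmac, io, logging, os

SENSITIVE_KEYS = {"password", "new_password"}  # assumed field names

def hash_password(password, salt=None):
    """Salted one-way hash. PBKDF2 (stdlib) stands in for bcrypt here."""
    salt = salt or os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)
    return salt, digest

def verify_password(password, salt, digest):
    """Re-hash the login attempt and compare in constant time."""
    return hmac.compare_digest(hash_password(password, salt)[1], digest)

class RedactSecrets(logging.Filter):
    """Mask sensitive keys in a dict log argument before any handler runs."""
    def filter(self, record):
        if isinstance(record.args, dict):
            record.args = {k: "[REDACTED]" if k in SENSITIVE_KEYS else v
                           for k, v in record.args.items()}
        return True

def handle_signup(payload, logger):
    # Bug class from the article: the raw request is logged before hashing.
    logger.info("signup request: %s", payload)
    salt, digest = hash_password(payload["password"])
    return {"username": payload["username"], "salt": salt, "digest": digest}

def demo(redact):
    """Run one signup and return (log text, stored record, original payload)."""
    stream = io.StringIO()
    logger = logging.getLogger("signup.safe" if redact else "signup.buggy")
    logger.setLevel(logging.INFO)
    logger.propagate = False
    logger.handlers.clear()
    logger.addHandler(logging.StreamHandler(stream))
    if redact:
        logger.addFilter(RedactSecrets())
    payload = {"username": "alice", "password": "correct horse battery"}  # constructed
    stored = handle_signup(payload, logger)
    return stream.getvalue(), stored, payload

if __name__ == "__main__":
    print("without filter:", demo(redact=False)[0].strip())
    print("with filter:   ", demo(redact=True)[0].strip())
```

The stored record holds only the salt and digest in both runs; the difference is whether the log line carries the plaintext.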
How to keep your account safe
Aside from changing your password, Twitter offered the following tips to make sure your account remains secure:
- Change your password on any other service where you may have used the same one before.
- Use a strong password that you don’t reuse on other websites.
- Enable login verification, also known as two-factor authentication.
- Use a password manager to make sure you’re using strong, unique passwords everywhere.