Twitter advising all 330 million users to change passwords after bug exposed them in plain text

Twitter

Twitter is urging all of its more than 330 million users to immediately change their passwords after a bug exposed them in plain text. While Twitter’s investigation showed that there was no evidence that any breach or misuse of the unmasked passwords occurred, the company is recommending that users change their Twitter passwords out of an “abundance of caution,” both on the site itself and anywhere else they may have used that password, which includes third-party apps like Twitterrific and TweetDeck.

According to Twitter, the bug occurred due to an issue in the hashing process that masks passwords by replacing them with a random string of characters that get stored on Twitter’s system. But due to an error with the system, apparently passwords were being saved in plain text to an internal log, instead of masking them with the hashing process. Twitter claims to have found the bug on its own and removed the passwords. It’s working to make sure that similar issues don’t come up again.

Twitter hasn’t revealed how many users’ passwords may have potentially been compromised or how long the bug was exposing passwords before it found and fixed the issue. But the fact that the company is urging its entire user base to change their passwords indicates that it would seem to be a significant number of users.

Twitter has added a warning in its mobile apps recommending users change their passwords

In general, it’s worth taking some time to think about how your passwords are set up. Consider switching over to a password manager (we have a great guide on how and why you should use one here) and avoid repeating passwords across services. That way, when leaks like these do happen, you can avoid the worst of the damage.

Update May 3rd, 5:00pm: Clarified Twitter’s investigation results.


Hi, Am Freelance Website Programmer, based in FCT Abuja, Nigeria. I had spent 7 years in the corporate world as a Website Designer/Developer, working both in the office and then working remotely from home. 7years ago I left the corporate world and transitioned to working solely from home as a freelance web programmer. And have done so many project online, and with my few years of experience, i have acquire lots of skills in website development. Am vast in most of the popular programming language. I provide a variety of website development services that include full website development through custom PHP programming and/or open source applications like self hosted WordPress, Joomla. I also provide services for website maintenance, debugging code problems, making mobile friendly websites, fixing and securing hacked websites and improving website speed. If you hire me, you can depend on me being available ongoing, as needed for years to come.

Comments

  1. I always used to read post in news papers but now as I am a user of web so from now I am using net for content,
    thanks to web.

  2. After going over a number of the blog posts on your blog, I honestly like
    your way of writing a blog. I book-marked it to my bookmark site list and will be checking back soon. Please visit my web site too and let
    me know your opinion.
    +905443535397

  3. An impressive share! I have just forwarded this onto a co-worker who has been doing a little research on this.

    And he in fact bought me lunch simply because I found it for him…
    lol. So let me reword this…. Thanks for the meal!! But yeah, thanx for spending some time
    to discuss this topic here on your internet site.

    +905323495077

  4. This post is worth everyone’s attention. When can I find out more?

  5. Excellent way of telling, and pleasant article to obtain information regarding my presentation subject matter, which i am going to deliver
    in college.

  6. Hey very nice blog!

  7. Am so happy.

  8. Great

  9. Something this good needs to be shared.

  10. Thanks

  11. Thanks

Leave a Reply

error

Enjoy this blog? Please spread the word :)

%d bloggers like this: