Weeks after Facebook’s CEO Mark Zuckerberg got grilled before Congress and admitted Facebook didn’t do enough’ to protect its users Twitter has managed to steal the spotlight. The social networking service on which users post and interact with messages known as “tweets” has asked its 330 million user base to change their passwords after an internal bug was discovered. The glitch is known to have internally exposed users’ passwords in plaintext. The company hiccup occurred because passwords were written to an internal registry without completing the ‘hashing’ process, a method by which the text written by the user when creating their password is replaced by a series of numbers and letters.
The recommendation was posted yesterday, May 3rd, on the company’s blog, although both the blog post and a tweet published by Jack Dorsey, the company’s CEO, confirmed that Twitter has resolved the problem and that there is no immediate indication of “non-compliance or misuse by anyone.”
We recently discovered a bug where account passwords were being written to an internal log before completing a masking/hashing process. We’ve fixed, see no indication of breach or misuse, and believe it’s important for us to be open about this internal defect. https://t.co/BJezo7Gk00
— jack (@jack) May 3, 2018
As a precaution, Twitter asks you to consider changing the password on all services where you’ve used this password. They also highlighted the importance of using strong passwords and taking advantage of the two-step verification. Twitter also recommends the use of password managers such as the one included in many Panda Security products.
Here’s how to change your Twitter password:
1. Click the Password tab.
2. Enter your current password.
3. Choose your new password.
4. Save your changes by clicking ‘Save changes.’
It is currently unclear what is the amount of the affected users and why Twitter experienced the bug. Twitter regrets the error and is committed to continue working to ensure the safety of its users.
We recently found a bug that stored passwords unmasked in an internal log. We fixed the bug and have no indication of a breach or misuse by anyone. As a precaution, consider changing your password on all services where you’ve used this password. https://t.co/RyEDvQOTaZ
— Twitter Support (@TwitterSupport) May 3, 2018
2 comments
Hi, thanks for the information, I don’t know exactly what happened on Twitter, but I got a little scared and quickly changed my password; I hope it doesn’t happen again. Greetings.
Hi Luis,
It is important to change your passwords regularly, so even if you weren’t affected, you did right by modifying it.
Thanks for reading us!
Kind regards,
Panda Security.