Twitter Recommends All Users Change Passwords Due To Bug

A recently discovered bug has prompted Twitter to ask all of its users to change their passwords “out of an abundance of caution.”

k.nopparat / Shutterstock.com

Twitter revealed the bug in a blog post today titled “Keeping Your Account Secure.” The company says passwords are masked, however, a bug was discovered “that stored passwords unmasked in an internal log.”

Related: Password Manager Dashlane Closes $30 Million in Funding

Twitter CTO Parag Agrawal explained in the post that Twitter uses an industry standard fucntion, bcrypt, to replace an actual password with random numbers and letters. This way, Twitter’s systems can validate account credentials without revealing the password.

[Find out how to activate two-step verification on Twitter and your other accounts to add an extra layer of security.]

The bug caused passwords to be “written to an internal log before completing the hashing process,” Agrawal writes. “We found this error ourselves, removed the passwords, and are implementing plans to prevent this bug from happening again.”

“We have fixed the bug, and our investigation shows no indication of breach or misuse by anyone,” the post notes.

Twitter recommends that you change the password both on Twitter, and anywhere else where you use the same password. (As we’ve written before on many occasions, computer users should know to never use the same password for two separate websites.)

Twitter users should act post haste to change their passwords — and when choosing a new password, pick something completely new and unique. Stay away from common phrases. (Don’t pick anything that would have ended up on a Worst Passwords list, for instance.)

In Twitter’s own blog post, it gives the same password advice, including another piece of advice we always give: use a trusted password manager to ensure strong password use. Check out our roundup of the best password managers, and be sure to read our full reviews and comparison articles, as well.

Phil Dzikiy

Phil Dzikiy

Phil Dzikiy is the former editor in chief of Security Baron. Before, he has worked as a freelance writer and editor at websites like Wirecutter.com and iLounge.com along with publications like the Lockport Union Sun & Journal and the Greater Niagara Newspapers. With digital and print experience under his belt, Phil has a passion for all things technology including home security, cyber security, and the smart home. His bachelor's degree in Journalism from the University of Maryland College Park initially landed Phil his first job at the Beaver County Times, which has lead to over 15 years of experience as a journalist.

Leave a Comment

Trending News

Follow Us

Reviews