Twitter Urges Users To Change 'Unmasked' Passwords

Twitter Logo

Twitter Logo

While Twitter, to its credit, approaches password use in exactly this manner, it has warned its users this week of a bug in its internal logging system which made the entire hashing process moot by writing passwords to log files in plain text format.

An internal "bug" left millions of Twitter passwords potentially exposed for months in a plain text file, the company revealed, as it urged hundreds of millions of users to change their passwords as a precaution. While Twitter's investigation did not find indicators for abuse, it recommends that all Twitter users change account passwords and implement additional security protections if not activated already on the account. Out of an abundance of caution, we ask that you consider changing your password on all services where you've used this password. Twitter said that its users' passwords were exposed in plaintext due to a bug in its systems.

Twitter said that it had discovered the error itself and removed the passwords. No matter your take, you should ensure that your account is as safe as can be if you use the social network.

"Password hashing" is an industry standard, and can prevent a hacker from quickly exploiting the information if it ever leaks.

You also can change it from your phone by clicking on "Settings and privacy", then "Account" followed by "Change password".

Netanyahu accuses Palestinian leader Abbas of anti-Semitism
Ms Thornberry did slam the comments in a later statement after reports on Mr Abbas' three-hour speech spread around the world. He gave no source for the accusation, but said it was part of a wider Israeli campaign of incitement against Palestinians.

But because of the bug, the password was stored in the internal log. Twitter spotted the problem to fix the bug and also deleted the stored passwords in the log. The more advisory rather than enforced approach to passwords this time around may indicate they are more confident in the lack of breach.

Ironically, Twitter's password mishap was announced on the corporate holiday known as World Password Day, created by Intel security researchers and celebrated on the first Thursday in May as a way to promote good password and cyber security hygiene.

Again, Agrawal apologised for the upheaval this password change may cause.

Twitter said on its blog: "We are very sorry this happened".

Use a strong password that you don't reuse on other services. Users will be prompted to enter their current password and enter their new password twice. As a precautionary security measure, we have reset passwords and revoked session tokens for these accounts.

Recommended News

We are pleased to provide this opportunity to share information, experiences and observations about what's in the news.
Some of the comments may be reprinted elsewhere in the site or in the newspaper.
Thank you for taking the time to offer your thoughts.