May 03, 2018
You might want to seriously consider changing your Twitter password.
In a blog post released Thursday afternoon Twitter revealed a bug had been found on the company’s internal servers that was unmasking passwords.
The bug had apparently been storing user passwords without any protection for what was “several months,” Reuters reported.
Twitter says it has fixed the bug after the company noticed the problem and there is no immediate threat, but “out of an abundance of caution,” the company is urging its 330 million users to brainstorm a new, secure password.
So you should probably just change it.
Here’s the link to do that.
In the blog post Twitter detailed how its password system is supposed to work: Basically it protects passwords from being exposed to Twitter employees or outsiders by a process called “hashing” that replaces our passwords with random numbers and letters.
The bug made it so that “hashing” didn’t occur. So employees or others could have been exposed to raw passwords.
The company said "our investigation shows no indication of breach or misuse by anyone."
The post didn’t detail how many passwords and users were affected by the bug, but a person familiar with the company’s response told Reuters the number was “substantial.”
Apparently Twitter is implementing plans to prevent this from happening again.