A glitch in the system has Twitter urging users to change their passwords. It seems some of the passwords were stored in the system as regular text instead of being hidden by a process known as “hashing”.
Messages went out to users by the social network company on Thursday letting people know the issue was resolved and that passwords had not been stolen. With that being said, it wouldn’t hurt to go ahead and change up your password.
Chief Executive Jack Dorsey sent out the following tweet to his 4.2 million followers.
We recently discovered a bug where account passwords were being written to an internal log before completing a masking/hashing process. We’ve fixed, see no indication of breach or misuse, and believe it’s important for us to be open about this internal defect. https://t.co/BJezo7Gk00
— jack (@jack) May 3, 2018
It is being reported that the number of passwords exposed was substantial and that they were accessible within the company for several months.
Users of the site definitely had some concerns.
— حسن سجواني (@HSajwanization) May 3, 2018
@jack this is all good and well for letting us know, but why o why do you still allow passwords to be transmitted over the wire, if you really care about security, passwords would not leave the “client”
— Retief Gerber (@retiefgerber) May 4, 2018
Thx, I deleted my phone no. from settings cause I don't feel the account is secure enough for this level of info about users. Twitter still urged that a phone no. makes the account more secure. If hacked, disclosing a phone no. actually makes the user less secure. @EU_EDPS
— Yaansoon (@yaansoon) May 4, 2018
On the Twitter Blog, the following tips were given to keep passwords safe:
Change your password on Twitter and on any other service where you may have used the same password.
Use a strong password that you don’t reuse on other websites.
Enable login verification, also known as two factor authentication. This is the single best action you can take to increase your account security.
Use a password manager to make sure you’re using strong, unique passwords everywhere.