This is not a drill. Twitter has revealed it’s discovered a bug that stored passwords in plain text in its internal system. Oops. In other words, change your password for the service now. Also, now Twitter may know your childhood pet’s name, your birthday, or whatever else you’ve been using for a password. Of course, it means if it’s unwittingly been compromised, someone else might, too.
Twitter HQ has advised that all users change their passwords, because there’s no telling how many people have been affected by said bug. Team Twitter has already attended to the issue and said the bug has been squashed, but as a preemptive measure they took to their preferred platform to let users know that there has not been a breach of private info (listen clearly, Facebook).
Need to get in touch with our support team? Direct Message @TwitterSupport to report abuse, impersonation, or account access issues to us and we'll be in touch with you as soon as we can. pic.twitter.com/ITpDiaCwhH
— Support (@Support) April 5, 2018
Don’t panic, because most accounts are normally secured by storing passwords in a format that cannot be read — in Twitter’s case, normal practice is to save passwords through a process called “hashing”, which opts to replace the real password with random characters before saving it on their server.
Twitter’s chief technology officer, Parag Agrawal, posted on the official Twitter blog, explaining what had happened and how they have remedied the unexpected bug; “Due to a bug, passwords were written to an internal log before completing the hashing process. We found this error ourselves, removed the passwords, and are implementing plans to prevent this bug from happening again”.
Take advice from the OG, and change the password. As they mentioned, they haven’t found any breach of information. But rather safe than hacked.