Thursday afternoon, Twitter announced that it experienced a “bug” that exposed users’ passwords in an internal log. In a blog post, Twitter wrote that out of “an abundance of caution,” it’s asking users to consider changing passwords.
As per industry standard, Twitter hashes passwords using bcrypt, which replaces the plain-text password with a string of seemingly random numbers and letters in its system. The company announcement explains the nature of the bug in more detail:
“Due to a bug, passwords were written to an internal log before completing the hashing process. We found this error ourselves, removed the passwords, and are implementing plans to prevent this bug from happening again.”
If you use the same password for multiple services (please don’t do that), or have your Twitter account connected to other login credentials online, you should change these passwords immediately. The logs that exposed users' passwords were internal, but if anyone could see them at all, the safest thing to do is change them.
“We are very sorry this happened,” Twitter CTO Parag Agrawal wrote in the blog post. “We recognize and appreciate the trust you place in us, and are committed to earning that trust every day.”
A spokesperson for Twitter emphasized that this is not a breach, and that the company's investigation has shown that the information was not misused.
The best time to assess your security practices is before something goes wrong: Read more about how to use stronger security practices, such as avoiding reusing the password on multiple accounts and using two-factor authentication on sites like Twitter, in the Motherboard Guide to Not Getting Hacked.
Updated 4:37 p.m. EST with comment from Twitter.