Late last night, Twitter announced that a glitch in its system may have revealed the passwords of every one of its 336 million users, in deliciously easy-to-read plain text. While Twitter asserts that there’s no evidence that the information was leaked or misused, it strongly suggests that everybody change their password right now.
The glitch was in an internal system that was supposed to replace passwords with a randomised string of text for use in internal logs, but spat them out in plain text instead.
“We mask passwords through a process called hashing using a function known as bcrypt, which replaces the actual password with a random set of numbers and letters that are stored in Twitter’s system. This allows our systems to validate your account credentials without revealing your password. This is an industry standard,” Twitter said in a blog post.
“Due to a bug, passwords were written to an internal log before completing the hashing process. We found this error ourselves, removed the passwords, and are implementing plans to prevent this bug from happening again.”
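The failure described above, a password reaching a log before it has been hashed, can be guarded against at the logging layer. The following is an added example, not Twitter's code: a Python logging filter that masks password fields before any handler writes the record. The field names, logger name and sample request are assumptions constructed for illustration.

```python
import logging

# Assumed field names; a real service would list its own credential fields.
SENSITIVE_KEYS = {"password", "passwd", "new_password", "current_password"}
MASK = "[REDACTED]"

def scrub(value):
    """Return a copy of value with sensitive dict entries masked, recursively."""
    if isinstance(value, dict):
        return {k: MASK if str(k).lower() in SENSITIVE_KEYS else scrub(v)
                for k, v in value.items()}
    if isinstance(value, (list, tuple)):
        return type(value)(scrub(v) for v in value)
    return value

class RedactSecrets(logging.Filter):
    """Scrub log arguments before the handler formats or writes the record."""
    def filter(self, record):
        if isinstance(record.args, dict):      # logging unwraps a lone dict argument
            record.args = scrub(record.args)
        elif record.args:
            record.args = tuple(scrub(a) for a in record.args)
        return True

class ListHandler(logging.Handler):
    """Collects formatted lines in memory so the output can be inspected."""
    def __init__(self):
        super().__init__()
        self.lines = []

    def emit(self, record):
        self.lines.append(self.format(record))

def log_signup(form, redact=True):
    """Log a sign-up request the way a debug statement might; return the line."""
    logger = logging.Logger("signup-demo")     # standalone logger, no global state
    handler = ListHandler()
    if redact:
        handler.addFilter(RedactSecrets())
    logger.addHandler(handler)
    logger.info("signup request: %s", form)
    return handler.lines[0]

# Constructed sample input, not real data.
FORM = {"user": "alice", "password": "hunter2-constructed"}

if __name__ == "__main__":
    print(log_signup(FORM, redact=False))      # plaintext password in the log line
    print(log_signup(FORM))                    # password field masked
```

Key-based masking only catches structured fields; a password already interpolated into a message string passes through untouched, so the filter complements, rather than replaces, keeping raw credentials out of log calls.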
Your account probably isn’t compromised, but you should probably change that password as soon as possible. Which means right now. You can do that here.
“We fixed the bug and have no indication of a breach or misuse by anyone,” Chief Executive Jack Dorsey said in a Tweet. “As a precaution, consider changing your password on all services where you’ve used this password.”
Of course, you’re savvy people on the internet so you’re always able to avoid this sort of nonsense by using a secure password manager like LastPass or Dashlane. Right? Yes, of course.
Last Updated: May 4, 2018