Twitter announced Thursday, via a blog post and (what else) a Tweet, that it had found a security flaw that exposed passwords, unmasked, in an internal log. If you're one of the 330 million users on the social network, the recommendation is to immediately change your password on Twitter—and anywhere else you may use that same password.
Twitter's announcement states: "We recently identified a bug that stored passwords unmasked in an internal log. We have fixed the bug, and our investigation shows no indication of breach or misuse by anyone."
We recently found a bug that stored passwords unmasked in an internal log. We fixed the bug and have no indication of a breach or misuse by anyone. As a precaution, consider changing your password on all services where you’ve used this password. https://t.co/RyEDvQOTaZ — Twitter Support (@TwitterSupport) May 3, 2018
What Happened in 280 Characters (Roughly)
There's an industry standard for securing passwords known as bcrypt, which is what Twitter uses to mask its users' passwords. "Password hashing" is the technical term: it replaces the password with a seemingly random string of numbers and letters, and that string is what gets stored in the company's system. The system can then validate an account's credentials without revealing your password.
The bug Twitter found means that passwords were written to an internal log before completing the hashing process. The company announced that they found the error themselves, corrected it, and are implementing plans to keep it from happening again.
We recently discovered a bug where account passwords were being written to an internal log before completing a masking/hashing process. We’ve fixed, see no indication of breach or misuse, and believe it’s important for us to be open about this internal defect. https://t.co/BJezo7Gk00 — jack (@jack) May 3, 2018
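The bug class described above (a password written to a log before it is hashed) and one way to guard against it, as an added example that is not Twitter's code. The field names, the in-memory log handler and the use of stdlib PBKDF2 as a stand-in for bcrypt are all assumptions made for illustration.

```python
import hashlib
import logging
import os

SENSITIVE_KEYS = {"password", "new_password"}  # assumed form field names

def redact(fields):
    """Copy a request dict, masking the values of secret fields."""
    return {k: "[REDACTED]" if k.lower() in SENSITIVE_KEYS else v
            for k, v in fields.items()}

class RedactingFilter(logging.Filter):
    """Mask secrets in dict log arguments before any handler writes them."""
    def filter(self, record):
        if isinstance(record.args, dict):  # logging unwraps a lone dict argument
            record.args = redact(record.args)
        elif isinstance(record.args, tuple):
            record.args = tuple(redact(a) if isinstance(a, dict) else a
                                for a in record.args)
        return True

def hash_password(password, salt=None):  # stdlib PBKDF2, stand-in for bcrypt
    salt = salt or os.urandom(16)
    return salt, hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 600_000)

def signup(form, logger):
    logger.info("signup request: %s", form)  # bug class: raw form logged pre-hash
    salt, digest = hash_password(form["password"])
    return {"username": form["username"], "salt": salt, "hash": digest}

class ListHandler(logging.Handler):
    def __init__(self):
        super().__init__()
        self.lines = []  # collected in memory in place of a log file
    def emit(self, record):
        self.lines.append(record.getMessage())

def demo(with_filter):
    logger = logging.getLogger(f"signup-demo-{with_filter}")
    logger.setLevel(logging.INFO)
    handler = ListHandler()
    if with_filter:
        handler.addFilter(RedactingFilter())
    logger.addHandler(handler)
    form = {"username": "alice", "password": "correct horse"}  # constructed input
    return handler.lines, signup(form, logger)

if __name__ == "__main__":
    print(demo(False)[0], demo(True)[0], sep="\n")
```

Without the filter, the log line contains the plaintext password even though the stored account record holds only a salt and hash; with it, the same logging call emits `[REDACTED]` in place of the secret.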
What Should You Do If You Use Twitter?
There are a few steps you can take to protect your personal information online:
- Twitter recommends that you change your Twitter password immediately. You can do this on the password settings page.
- If you've used that same password on another site, change it there, too.
- To keep your information secure, it's best not to use the same password on different sites. You may want to use a password manager like Experian's SaferPass to keep track of all those different, secure passwords.
- Change your password on any account if you think it's compromised at any time.
- Set up two-factor authentication on Twitter and any other site when possible so you can prevent someone else from logging in on another device.