Twitter is urging its users to change their passwords following a bug that was identified on the social media platform. While the bug has since been fixed, the company assures users there were no signs of breach or misuse of the passwords by anyone.
In an effort to establish complete transparency, Twitter Chief Technical Officer Parag Agrawal took to Twitter’s blog to explain exactly what happened. When setting a password on your Twitter account, the platform uses technology that masks it so that no one else at the company can see it.
Twitter’s passwords are masked through a process called hashtag that uses a function known as bcrypt. This means that the passwords are replaced with a random set of numbers and letters stored within Twitter’s system. That way, the company can validate your account without giving away your password.
But due to the bug, passwords were written to an internal log before the hashtag process was completed — leaving them exposed. Twitter found the bug, removed the passwords from the log, and are planning ways to prevent this from occurring in the future.
While the company hasn’t found evidence the password information left Twitter’s systems, or was taken by anyone, it still recommends users to take the necessary precautions. Knowing its system can be accessed by its employees, it’s definitely best to change your password just in case.
When we opened our Twitter app, we were greeted by a notification briefly explaining news of the bug. We then had the option to either skip or go to our settings instead. This then allowed us to easily change and update our password — but you have to remember your old one, too.
If you choose to change your password later, swipe to the right on your app, tap Settings and privacy > Account > Change password, and type in your new password. Once you tap done, your password will automatically update.
For those that use the same password on a variety of services, Twitter recommends changing your password on those platforms as well. Other tips include using a password manager to make sure it’s unique and strong.
For an extra layer of protection, you can also enable login verification — also known as two-factor authentication. To toggle it on, go to Settings and privacy > Account > Security. Every time you log into your Twitter account, you will also be prompted to enter a code that will be sent to your phone.
- Tumblr promises it fixed a bug that left user data exposed
- Instagram tool accidentally exposes user passwords. Were you affected?
- Google to shut down Google+ after exposure of 500,000 users’ data
- Latest Facebook bug exposed up to 6.8 million users’ private photos
- Windows Insiders get fix for October 2018 Update’s data delete bug