Have You Changed Your Twitter Password Yet?
Your Twitter password should be changed immediately, the social media platform announced Thursday afternoon, and the warning applies to all Twitter users.
Your Twitter password is probably as safe and secure as it ever was. But that didn’t stop the social media platform from sending word to its 336 million users that it’s time to change those credentials.
The action was prompted by the discovery of an internal file that stored usernames and passwords, according to a blog post from Twitter’s Chief Technology Officer, Parag Agrawal.
As a precaution, Twitter wants all of its users — some 330 million of them — to change their credentials. Here’s the statement Twitter released:
When you set a password for your Twitter account, we use technology that masks it so no one at the company can see it. We recently identified a bug that stored passwords unmasked in an internal log. We have fixed the bug, and our investigation shows no indication of breach or misuse by anyone.
Out of an abundance of caution, we ask that you consider changing your password on all services where you’ve used this password.
Agrawal said the bug occurred because of an issue with a “hashing process” that replaces actual passwords with a random string of characters. That system, apparently, failed, which caused real passwords to be stored in plain text (unmasked).
Coincidentally, the announcement came on “World Password Day,” an annual occasion on which IT and security professionals urge people to be mindful of their various passwords, to change weak ones to protect their accounts, and even to employ a password manager to remember their passwords or generate more secure versions of what they already have.
Wired reported some users were experiencing errors and lags, suggesting that could be the result of everyone trying to change their password at once, which it called a good thing. I know that I encountered a few errors myself before I was able to change my password, but the delay was minor.
Hopefully, neither the old password nor the new one will be something ridiculous like “password” or “12345678,” although we already know people actually do use those passwords. (Seriously, click that link and look at some of the ridiculous entries people actually use as passwords!)