Twitter recommends ALL users change passwords after security blunder

Did you notice a prompt to change your password when logging into Twitter recently? That’s because a pretty serious and basic security blunder by the social media site resulted in users’ passwords being saved in plain text in a log inside Twitter’s servers.

Twitter admitted that a “bug” had caused the passwords belonging to a number of users to be potentially accessible to those inside the Twitter network (Twitter staffers, mostly.)

However, Twitter also claimed that an investigation into the bug – which has now been fixed – revealed no indication that anyone exploited the bug and obtained any passwords. Even so, Twitter is still advising its users to consider changing their passwords, because, well – you never know.

When passwords are stored on Twitter’s servers, they are supposed to be masked so no one inside the company (or no one hacking into the company) can simply obtain them. That process is called hashing. However, the bug that Twitter discovered meant that plain text passwords were accidentally being stored in an internal log before the hashing process completed. That internal log wasn’t being deleted, meaning plain text passwords were sitting in a log on Twitter servers.
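The failure mode described above, as an added example (not Twitter's code): a sign-up handler that logs the request before hashing, next to a version that redacts the password field first. The field names, the `handle_signup` function and the use of PBKDF2 as the hash are assumptions for illustration.

```python
import hashlib
import hmac
import io
import logging
import os

# Assumed field names; a real service would list every credential-bearing key.
SENSITIVE_KEYS = {"password", "new_password", "current_password"}
ITERATIONS = 600_000  # PBKDF2-HMAC-SHA256 work factor (stand-in hash, an assumption)


def redact(fields):
    """Return a copy of the request fields that is safe to write to a log."""
    return {k: "[REDACTED]" if k.lower() in SENSITIVE_KEYS else v
            for k, v in fields.items()}


def hash_password(password, salt=None):
    """Salted, slow hash: the only form of the password that should be stored."""
    salt = salt if salt is not None else os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return salt, digest


def verify_password(password, salt, digest):
    """Re-hash the candidate and compare in constant time."""
    return hmac.compare_digest(hash_password(password, salt)[1], digest)


def handle_signup(fields, log, safe):
    # safe=False reproduces the bug class: the raw request reaches the log
    # before hashing, so the plain text password outlives the request.
    log.info("signup request: %s", redact(fields) if safe else fields)
    salt, digest = hash_password(fields["password"])
    return {"user": fields["user"], "salt": salt, "hash": digest}


def run_demo(safe):
    """Run one constructed sign-up and return (log text, stored record)."""
    buf = io.StringIO()
    log = logging.getLogger(f"signup-demo-{safe}")
    log.setLevel(logging.INFO)
    log.propagate = False
    log.handlers = [logging.StreamHandler(buf)]
    record = handle_signup({"user": "alice", "password": "correct horse"}, log, safe)
    return buf.getvalue(), record


if __name__ == "__main__":
    for safe in (False, True):
        print("safe" if safe else "buggy", "->", run_demo(safe)[0].strip())
```

In both runs the stored record holds only a salt and a hash; the difference is entirely in what the log retains.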


It’s a pretty serious security blunder, one that ironically occurred on a day dubbed by many as World Password Day. However, to Twitter’s credit, they informed their users quickly and seem to have been extremely transparent about what happened – something that couldn’t be said for many other companies that have suffered security faux pas in the past (Yahoo.)

Should you change your password? We’d certainly recommend it, since no one can be 100% sure that no one managed to obtain the passwords. And it’s better to be safe than sorry.

It’s also a good demonstration as to why two-factor authentication could be useful. Even if you’re security aware and tech savvy enough never to have your password compromised, there’s no guarantee companies like Twitter won’t compromise your password for you. If and when this happens, having two-factor authentication enabled means that crooks with your password still won’t be able to access your account because they’ll need an additional piece of information. More about two-factor authentication here.