It seems the next big password fiasco is here. Twitter is warning its user base, which numbers over 330 million, to change their passwords as soon as possible after a bug reportedly caused passwords to be exposed in plain text.
Twitter says that an investigation revealed “no indication of breach or misuse by anyone,” but it is still asking users to change their passwords as a security measure, out of what it calls an “abundance of caution.” That wording is there to avoid causing a panic, but take the warning seriously: if you use Twitter, reset your password now.
In its explanation of the bug, Twitter says it stores passwords through a process called hashing, using a function known as bcrypt, which replaces the actual password with a random set of numbers and letters that is stored in its system. But the bug wrote the passwords to an internal log before the hashing was completed, revealing them in plain text.
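The ordering problem described above, shown as an added example that is not Twitter's code: a signup handler logs the request before hashing, once with no protection and once behind a log filter that masks secret fields. Python's standard-library PBKDF2 stands in for bcrypt here, and the field names, logger names and sample credentials are constructed.

```python
import hashlib, hmac, io, logging, os

SENSITIVE = {"password"}   # hypothetical form-field names treated as secret
ITERATIONS = 600_000       # PBKDF2-HMAC-SHA256 work factor (stand-in for bcrypt cost)

class RedactSecrets(logging.Filter):
    """Mask secret fields in dict-style log arguments before any handler formats them."""
    def filter(self, record):
        if isinstance(record.args, dict):
            record.args = {k: "[REDACTED]" if k in SENSITIVE else v
                           for k, v in record.args.items()}
        return True

def hash_password(password, salt=None):
    """Return salt || derived key; only this value should ever be persisted."""
    salt = salt or os.urandom(16)
    return salt + hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)

def verify_password(password, stored):
    """Recompute with the stored salt and compare in constant time."""
    return hmac.compare_digest(hash_password(password, stored[:16]), stored)

def make_logger(name, redact):
    """Logger that writes to an in-memory buffer so its output can be inspected."""
    buf = io.StringIO()
    log = logging.getLogger(name)
    log.handlers.clear()
    log.filters.clear()
    log.setLevel(logging.INFO)
    log.propagate = False
    log.addHandler(logging.StreamHandler(buf))
    if redact:
        log.addFilter(RedactSecrets())
    return log, buf

def signup(form, log):
    """Logs the request first, then hashes: the ordering the article describes."""
    log.info("signup user=%(user)s password=%(password)s", form)
    return hash_password(form["password"])

def demo():
    form = {"user": "alice", "password": "correct horse battery"}  # constructed sample
    leaky_log, leaky = make_logger("leaky", redact=False)
    safe_log, safe = make_logger("safe", redact=True)
    signup(form, leaky_log)
    stored = signup(form, safe_log)
    return leaky.getvalue(), safe.getvalue(), stored

if __name__ == "__main__":
    for label, text in zip(("unfiltered", "filtered"), demo()[:2]):
        print(f"{label:>10}: {text.strip()}")
```

The stored value is the same kind of hash in both runs; only the log differs, which is why correct hashing alone did not keep the plain-text passwords out of the internal log.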
Luckily, no evidence of a breach was discovered, so it appears nobody got ahold of the passwords. However, that doesn’t guarantee nobody saw them, hence the precaution on Twitter’s part.
Twitter is urging users to reset their passwords, choosing a strong password that combines multiple letters, numbers and other characters. It warns against reusing passwords from other sites, as this may exacerbate hacks. Enabling two-factor authentication is the best way to secure your account in case an attack takes place. Lastly, you should use a password manager to ensure you don’t forget your password.
If you care at all about security, you should know these steps by now, and if you don’t, let this be a sobering reminder of what you should do to keep your accounts secure.
Twitter ended its blog post announcing the security issue by apologizing. We appreciate it, but next time, please don’t store our passwords in plain text.