Twitter is advising all of its users to change their Twitter passwords with immediate after a bug exposed them in plain text. The social media platform has over 330 million users and it’s investigation has so far eliminated any evidence of any kind of breach or misuse of the unmasked passwords. The company is recommending that users change their Twitter passwords out of an “abundance of caution,” both on the site itself and anywhere else they may have used that password, which includes third-party apps like TweetDeck and Twitterrific.
According to Twitter, the bug occurred due to an issue in the hashing process that masks passwords by replacing them with a random string of characters that get stored on Twitter’s system. But due to an error with the system, apparently passwords were being saved in plain text to an internal log, instead of masking them with the hashing process. Twitter claims to have found the bug on its own and removed the passwords. It’s working to make sure that similar issues don’t come up again.
It is not clear how many users’ passwords may have potentially been compromised or how long the bug was exposing passwords before it found and fixed the issue. But the fact that the company is urging its entire user base to change their passwords indicates that it would seem to be a huge number of users.
