Thursday afternoon, Twitter discovered a bug in its systems that revealed plaintext passwords. Passwords are usually stored as a “message digest,” which is the result of a one-way cryptographic hash function, such as SHA-256. This prevents unauthorized parties from seeing the actual password. The bug was discovered when Twitter detected an internal log displaying the original, plaintext passwords.
Twitter is therefore urging users to change their passwords immediately. Twitter users will likely be greeted with a security warning, such as the one depicted below. Twitter users can easily change their password in “Settings.”
According to the message, there is no sign of a data breach. It’s unclear how many passwords were displayed in the internal log, but it would definitely pay to change your password and enable two-factor authentication. Keep in mind, the social media giant is recommending that ALL 330 million users change their password. This is likely just a precaution, but it might be an indication of the scope of the impact or how many passwords were accidentally exposed.
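The sketch below is an added example, not Twitter's code. It shows the failure mode described above, where a password reaches a log in plaintext even though only its hash is stored, and a handler-level redaction filter that stops it. The field names, the request body and the in-memory log handler are constructed for illustration, and salted PBKDF2-HMAC-SHA256 is used in place of a bare SHA-256 digest because a single fast hash is a poor fit for passwords.

```python
import hashlib
import hmac
import logging
import os
import re

# Form fields treated as secrets (hypothetical names chosen for this example).
SECRET_FIELD = re.compile(r"(?i)\b(password|new_password)=([^&\s]+)")
PBKDF2_ROUNDS = 600_000  # assumed work factor, tune for your hardware

class RedactSecrets(logging.Filter):
    """Mask secret field values before a handler writes the record."""
    def filter(self, record):
        record.msg = SECRET_FIELD.sub(r"\1=[REDACTED]", record.getMessage())
        record.args = None  # the message is already fully formatted
        return True

class ListHandler(logging.Handler):  # stand-in for a log file
    def __init__(self):
        super().__init__()
        self.lines = []
    def emit(self, record):
        self.lines.append(self.format(record))

def hash_password(password, salt=None):
    """Return (salt, digest) using salted PBKDF2-HMAC-SHA256."""
    salt = salt or os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)
    return salt, digest

def verify_password(password, salt, digest):
    return hmac.compare_digest(hash_password(password, salt)[1], digest)

def handle_signup(body, logger):
    """Log the request, then hash: the ordering that leaks without a filter."""
    logger.info("signup body: %s", body)
    fields = dict(pair.split("=", 1) for pair in body.split("&"))
    return hash_password(fields["password"])

def run_demo(redact):
    """Process one constructed request; return (log lines, salt, digest)."""
    handler = ListHandler()
    if redact:
        handler.addFilter(RedactSecrets())  # on the handler: covers every logger
    logger = logging.getLogger(f"signup-demo-{redact}")
    logger.setLevel(logging.INFO)
    logger.handlers = [handler]
    salt, digest = handle_signup("user=alice&password=CorrectHorse9!", logger)
    return handler.lines, salt, digest
```

Calling `run_demo(False)` leaves the constructed password readable in the captured log line, while `run_demo(True)` writes `password=[REDACTED]`; in both cases only the salt and digest would be stored.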