Twitter is urging its 330 million users to change their passwords after a bug exposed them in plain text. Chief technology officer Parag Agrawal issued a statement Thursday explaining the problem:
“When you set a password for your Twitter account, we use technology that masks it so no one at the company can see it,” Agrawal wrote in a company blog post. “We recently identified a bug that stored passwords unmasked in an internal log.”
The tech industry, including Twitter, typically masks passwords with a hashing function known as bcrypt. In this process, according to Agrawal, passwords are replaced with a random set of letters and numbers, which are stored in the system and allow account validation without exposing passwords. But the bug, which has since been fixed, caused the passwords to be written to an internal log before the bcrypt hashing process was complete.
The company came across the error, removed the passwords and is working on prevention methods. It found no indication of breach or misuse.
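The failure described above, a password reaching a log before it is hashed, can be shown in a few lines. This is an added example, not Twitter's code: the field names, the logger setup and the `set_password` handler are hypothetical, and PBKDF2 from the Python standard library stands in for bcrypt so the block runs without extra packages.

```python
import hashlib, hmac, io, logging, os

SENSITIVE_KEYS = {"password", "new_password"}  # assumed field names

class RedactSecrets(logging.Filter):
    """Mask sensitive values in dict log arguments before any handler runs."""
    def filter(self, record):
        if isinstance(record.args, dict):
            record.args = {k: "[REDACTED]" if k in SENSITIVE_KEYS else v
                           for k, v in record.args.items()}
        return True

def hash_password(password, salt=None):
    # Stand-in for bcrypt: salted PBKDF2-HMAC-SHA256 from the standard library.
    salt = salt or os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)
    return salt, digest

def verify_password(password, salt, digest):
    return hmac.compare_digest(hash_password(password, salt)[1], digest)

def make_logger(name, redact):
    # An in-memory stream plays the role of the internal log.
    stream = io.StringIO()
    logger = logging.getLogger(name)
    logger.handlers.clear()
    logger.filters.clear()
    logger.setLevel(logging.INFO)
    logger.propagate = False
    logger.addHandler(logging.StreamHandler(stream))
    if redact:
        logger.addFilter(RedactSecrets())
    return logger, stream

def set_password(logger, store, form):
    # The mistake: the raw request is logged before the password is hashed.
    logger.info("set_password user=%(user)s password=%(password)s", form)
    store[form["user"]] = hash_password(form["password"])

def demo():
    form = {"user": "alice", "password": "correct horse battery staple"}  # constructed
    results = {}
    for label, redact in (("unfiltered", False), ("filtered", True)):
        logger, stream = make_logger("demo." + label, redact)
        store = {}
        set_password(logger, store, form)
        results[label] = (stream.getvalue(), store)
    return results
```

The filter is a safety net for the logging layer; the handler should still avoid passing the raw form to the logger at all.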
“We are very sorry this happened. We recognize and appreciate the trust you place in us, and are committed to earning that trust every day,” Agrawal wrote.
To change your Twitter password, visit the password settings page. You may also want to change your password on any services where the same password may have been used. Remember to use a strong password and enable login verification, an extra layer of security that requires both your password and a code sent to your mobile phone to log in.
Other password tips:
1. Use a variety of characters, including numbers, uppercase and lowercase letters, and other special characters.
2. Avoid dictionary terms.
3. Use a password manager.