Twitter recently found a bug that stored unmasked passwords in an internal log. The bug has now been fixed, and the investigation found that no data breach or misuse took place in the meantime.
Twitter announced the issue through its Twitter Support profile and asked users to change the password on every app where they use it. Once you’ve changed it on Twitter, a similar message pops up with a prompt that leads you back to your password settings.
The social media company uses technology to mask users’ passwords so that no one at the company can see them. The masking process is called ‘hashing’ and uses a function named ‘bcrypt’. This function replaces the actual password with a random set of numbers and letters that is stored in Twitter’s system. The entire process is industry standard and allows the systems to validate account credentials without disclosing passwords.
The bug interfered with this process and caused passwords to be written to an internal log before the hashing process was completed. Twitter detected the bug, removed the passwords, and is taking measures so that the bug doesn’t come up again.
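The failure described above, plaintext reaching a log before hashing, and one safeguard against it, shown as an added example that is not Twitter's code: a logging filter masks password fields before any handler writes them, and only a salted hash is stored. It uses PBKDF2 from the Python standard library as a stand-in for bcrypt; the field names, logger name, iteration count and sample credentials are assumptions.

```python
import hashlib
import hmac
import logging
import os

SENSITIVE_KEYS = {"password", "new_password"}  # assumed field names
ITERATIONS = 600_000  # PBKDF2 work factor (assumed value)

class RedactSecrets(logging.Filter):
    """Mask sensitive fields in dict-style log arguments before any handler runs."""
    def filter(self, record):
        if isinstance(record.args, dict):
            record.args = {k: "[REDACTED]" if k in SENSITIVE_KEYS else v
                           for k, v in record.args.items()}
        return True

class ListHandler(logging.Handler):
    """Collects formatted messages in memory; stands in for the internal log."""
    def __init__(self):
        super().__init__()
        self.lines = []
    def emit(self, record):
        self.lines.append(record.getMessage())

def hash_password(password, salt=None):
    """Return salt + derived key; only this value is ever stored."""
    salt = salt or os.urandom(16)
    key = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return salt + key

def verify_password(password, stored):
    """Re-derive with the stored salt and compare in constant time."""
    return hmac.compare_digest(hash_password(password, stored[:16]), stored)

def signup(form):
    """Log the request (redacted), then hash. Returns (log lines, stored hash)."""
    logger = logging.getLogger("signup_demo")  # hypothetical logger name
    logger.setLevel(logging.INFO)
    logger.propagate = False
    sink = ListHandler()
    logger.addFilter(RedactSecrets())
    logger.addHandler(sink)
    # The raw form is passed to the logger; the filter masks it on a copy.
    logger.info("signup user=%(user)s password=%(password)s", form)
    logger.removeHandler(sink)
    return sink.lines, hash_password(form["password"])

if __name__ == "__main__":
    lines, stored = signup({"user": "alice", "password": "constructed-Passw0rd!"})
    print(lines[0], verify_password("constructed-Passw0rd!", stored))
```

The filter only covers fields passed as named log arguments; a password interpolated into the message string before the log call would still be written in the clear.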
The company has apologized for the temporary issue and has provided steps to keep accounts safe. Alongside changing the password, remember to use a strong password and enable login verification or two-factor verification. It also advises using a password manager to make sure the passwords for each of your services are strong and unique.