Twitter fixes internal bug that stored unmasked passwords, no data breach was found

Twitter Bug

Have you not upgraded your website to HTTPS yet? Upgrade NOW.

Google with its Chrome 68 update to show all HTTP websites as NOT SECURE. Avoid Google's penalty by installing an SSL Certificate. Get a DigiCert Standard SSL and secure your website at just $157/year. BUY NOW

Get daily updates straight in your inbox.

Twitter recently came across a bug that was storing unmasked passwords in an internal log. It has been fixed now, with investigation results saying that no data breach or misuse took place in the meantime.

Twitter via its Twitter Support profile has tweeted about this and asked users to change the particular password on all apps that they respectively use. Once you’ve changed it on Twitter, the similar message pops up having a prompt to lead you to your password settings again.

The social media company uses technology to mask passwords of users to ensure that none of the company sees it. The masking process is called ‘hashing’, and it uses a function named ‘bcrypt’. This function replaces the actual password with a random set of numbers and letters from the Twitter’s storage system. The entire process is industry standard and allows the systems to validate account credentials without disclosing passwords.


The Twitter bug that messed this process made the passwords written to an internal log without completing the hashing process. Twitter detected the bug, removed the passwords and has gone forward to take measures so that the bug doesn’t come up again.

The company apologizes for the temporary issue and has provided steps to keep accounts safe. Alongside changing the password, remember to put a strong password and enable login verification or two-factor verification. It as well advises using a password manager for ensuring the strength and uniqueness of the passwords in each of your services.

Twitter fixes internal bug that stored unmasked passwords, no data breach was found