Twitter recently discovered a bug that was storing unmasked passwords in an internal log. The bug has now been fixed, and Twitter says its investigation found that no data breach or misuse took place in the meantime.
Twitter tweeted about this through its Twitter Support profile and asked users to change the affected password on every app where they use it. Once you've changed it on Twitter, a similar message pops up with a prompt that leads you to your password settings again.
We recently found a bug that stored passwords unmasked in an internal log. We fixed the bug and have no indication of a breach or misuse by anyone. As a precaution, consider changing your password on all services where you’ve used this password. https://t.co/RyEDvQOTaZ
— Twitter Support (@TwitterSupport) May 3, 2018
The social media company uses technology to mask users' passwords so that no one at the company can see them. The masking process is called 'hashing', and it uses a function named 'bcrypt'. This function replaces the actual password with a random set of numbers and letters, and that value is what Twitter's storage system holds. The entire process is industry standard and allows the systems to validate account credentials without disclosing passwords.
The bug disrupted this process: passwords were written to an internal log without the hashing process being completed. Twitter detected the bug, removed the passwords and is taking measures so that the bug does not come up again.
The company apologizes for the temporary issue and has provided steps to keep accounts safe. Alongside changing the password, remember to set a strong password and enable login verification, also known as two-factor verification. It also advises using a password manager to ensure that the passwords on each of your services are strong and unique.
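The failure mode described above can be reproduced in a few lines. The following is an added illustration, not Twitter's code: the field names, the `RedactSecrets` filter and the `demo` helper are hypothetical, the sample request is constructed, and PBKDF2 from the Python standard library stands in for bcrypt.

```python
import hashlib, hmac, io, logging, os

SENSITIVE_KEYS = {"password", "new_password"}  # assumed field names
ITERATIONS = 200_000  # illustrative work factor

def _kdf(password: str, salt: bytes) -> bytes:
    # PBKDF2-HMAC-SHA256 from the standard library stands in for bcrypt.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)

def hash_password(password: str) -> bytes:
    """Return salt + digest; only this value goes to storage."""
    salt = os.urandom(16)
    return salt + _kdf(password, salt)

def verify_password(password: str, stored: bytes) -> bool:
    """Validate a login attempt without ever storing the password."""
    salt, digest = stored[:16], stored[16:]
    return hmac.compare_digest(_kdf(password, salt), digest)

class RedactSecrets(logging.Filter):
    """Mask sensitive fields in dict log arguments before they are formatted."""
    def filter(self, record):
        if isinstance(record.args, dict):
            record.args = {k: "[REDACTED]" if k in SENSITIVE_KEYS else v
                           for k, v in record.args.items()}
        return True

def set_password(request: dict, logger: logging.Logger) -> bytes:
    # The whole request is logged before hashing: the failure mode described above.
    logger.info("password change request: %s", request)
    return hash_password(request["password"])

def demo(redact: bool):
    """Run one password change; return (captured log text, stored hash)."""
    stream = io.StringIO()
    handler = logging.StreamHandler(stream)
    if redact:
        handler.addFilter(RedactSecrets())
    logger = logging.getLogger(f"demo_redact_{redact}")
    logger.handlers, logger.propagate = [handler], False
    logger.setLevel(logging.INFO)
    request = {"user": "alice", "password": "correct horse battery"}  # constructed
    stored = set_password(request, logger)
    return stream.getvalue(), stored

if __name__ == "__main__":
    print(demo(redact=False)[0], demo(redact=True)[0], sep="")
```

Without the filter the log line contains the plaintext password even though storage only ever receives the salted hash; with the filter attached to the handler, the same log call emits `[REDACTED]` in its place.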