Quick, change your Twitter passwords like right now
Seriously, do it now.
This is bad yo. Your Tweets aren’t so protected after a glitch caused some passwords to be stored in plaintext in an internal log on the company’s servers. Twitter has urged its entire userbase to change their passwords after they discovered the glitch, which they say they have fixed. An internal investigation has stated that there’s no indication that any passwords have been misused or stolen at this time, and are cautioning the password changes as a precautionary measure.
Reuters reports that an insider familiar with the response said that the number of passwords affected is “substantial.” Twitter has known about it for some time, even reporting the issue to regulators.
We recently found a bug that stored passwords unmasked in an internal log. We fixed the bug and have no indication of a breach or misuse by anyone. As a precaution, consider changing your password on all services where you’ve used this password. https://t.co/RyEDvQOTaZ
— Twitter Support (@TwitterSupport) May 3, 2018
If you want to change your password via Twitter’s website, click on your profile picture icon near the top-right corner > Settings and Privacy > Password. Enter your password, and enter a new, stronger and better password.
On iOS and Android, click your profile picture icon in the top-left > Settings and Privacy > Account > Password (or, on iOS, “Change password”), and go through the password-change process explained above.
The disclosure comes at a trying time, with lawmakers and regulators around the world already looking at how companies store and hold consumer data in the wake of some high-profile incidents at companies such as Equifax and Uber.
In the European Union, a new strict privacy law is about to go into effect. The General Data Protection Regulation, as it’s known, included steep penalties and fees for violating its terms.
Twitter has said that the glitch was related to their use of a technology called ‘hashing’ that encodes passwords as a user enters them, which is common in cybersecurity. A bug in this process caused the passwords to be written on the internal computer log before the hashing process was finished, their own blog says.