Twitter Suffers Internal Glitch - Change Your Password Immediately
If you are an avid Twitter user, you must have received a notice when you logged into your account at the beginning of May telling you to change your Twitter password. This was related to an internal glitch in the Twitter system. Although the glitch did not seem to evolve into a severe security threat, it could easily have turned into something bigger had cybercriminals obtained sensitive data. In this post, we would like to tell you more about this occurrence. We will also give you more details about Twitter security and how the service urges its users to protect their accounts.
Why Did Twitter Urge Users to Change Passwords?
A few months ago, Twitter issued a notification recommending that users change their passwords. According to the official Twitter blog post, there was an internal glitch within the system. As a result, more than 330 million Twitter users could have been affected by this mishap.
Normally, the passwords that are stored within the system are masked, and no one can see them the way they are. However, due to this bug, all the passwords were stored in plain text within the internal system. Needless to say, if anyone could get their hands on such information, a lot of accounts could be compromised. And that is why the company told you to change your Twitter password, even if it was only a precautionary measure.
How Does the Twitter Password Storage System Work?
As mentioned, no one can see your password as it is, even if they work for Twitter. When you save your password, the system masks it so that no one can see it in plain text. In other words, if any system stores your passwords in plain text, that is an obvious security breach.
To mask your password, Twitter uses a hashing process. Hashing is a one-way transformation: the plain text is scrambled so that no one would be able to recognize it even if they did see it (which shouldn't happen in the first place). Your password as you know it is replaced with an alphanumeric sequence. As a result, whenever you log into your account, the system can hash what you typed, compare the result with the stored sequence, and proceed with the authentication automatically, with no need to reveal the actual password. This kind of password hashing within the system is the industry standard that any company that handles personal data has to apply.
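The storage scheme described above, as an added example that is not from the original post or from Twitter: a salted one-way hash with verification at login, plus a logging filter covering one place where plaintext can end up outside the hashed store. The choice of scrypt, the cost parameters, the log format, the logger name and the sample values are assumptions made for illustration.

```python
import hashlib
import hmac
import logging
import os
import re

# scrypt cost parameters: assumed values for this example, tune per deployment.
N, R, P, DKLEN = 2**14, 8, 1, 32

def hash_password(password: str) -> str:
    """Return 'scrypt$<salt hex>$<digest hex>'; the plaintext is never stored."""
    salt = os.urandom(16)  # per-user salt: equal passwords give different records
    digest = hashlib.scrypt(password.encode(), salt=salt, n=N, r=R, p=P, dklen=DKLEN)
    return f"scrypt${salt.hex()}${digest.hex()}"

def verify_password(password: str, record: str) -> bool:
    """Re-hash the login attempt with the stored salt; compare in constant time."""
    _, salt_hex, digest_hex = record.split("$")
    candidate = hashlib.scrypt(password.encode(), salt=bytes.fromhex(salt_hex),
                               n=N, r=R, p=P, dklen=DKLEN)
    return hmac.compare_digest(candidate, bytes.fromhex(digest_hex))

class RedactPasswords(logging.Filter):
    """Backstop: mask password=<value> before any handler writes the record.
    The primary control is still never passing secrets to the logger."""
    PATTERN = re.compile(r"(password=)\S+", re.IGNORECASE)

    def filter(self, record: logging.LogRecord) -> bool:
        record.msg = self.PATTERN.sub(r"\1[REDACTED]", record.getMessage())
        record.args = ()  # message is already formatted
        return True

class ListHandler(logging.Handler):
    """Collects formatted log lines in memory so the result can be inspected."""
    def __init__(self):
        super().__init__()
        self.lines = []

    def emit(self, record: logging.LogRecord) -> None:
        self.lines.append(record.getMessage())

def logged_signup(user: str, password: str) -> list:
    """Log a signup the careless way and return what reached the handler."""
    log = logging.Logger("signup-demo")  # standalone logger, hypothetical name
    handler = ListHandler()
    log.addHandler(handler)
    log.addFilter(RedactPasswords())
    log.info("signup user=%s password=%s", user, password)
    return handler.lines
```

The regular expression only covers space-free `password=<value>` pairs, so it is a safety net for one log format rather than a general secret scrubber.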
What's with the Bug?
Twitter has not revealed more information about the bug that caused this issue. It did not point out how this bug appeared, so we can only infer that the potential security threats were grave, especially considering that every user received this automated notification to change their passwords.
The good thing was that the bug was noticed and found by Twitter, not by someone from the outside. Thus, the information could not be exploited immediately. What's more, according to Twitter's Chief Technology Officer Parag Agrawal, there was “no indication of breach or misuse,” so it is possible to say that Twitter noticed this bug in time.
What Are the Twitter Security Recommendations?
Having this bug and other potential threats in mind, Twitter also issued a number of recommendations. It is obvious that you have to change your Twitter password the moment a threat arises, but there are also other important points to consider.
First, you should change your password not only on Twitter but also on other related services that might be using the same password. It is funny that this issue arose on World Password Day (which also happened to be trending on Twitter at the time). As a result, a lot of security-related blogs offered guidelines to users who were concerned about their password security. The thing that everyone emphasized is that passwords need to be changed regularly.
Second, users need to employ strong passwords. Users very often choose easy-to-remember passwords because strong passwords might be too complicated to recall every single day. But the problem is that such passwords are really easy to crack nowadays, especially with strong CPUs that make brute force attacks easier. We have actually covered the worst passwords before, and you can check if you are using any of those. If you are, please do change your password.
Twitter also recommends using two-factor authentication when you log in. When you have this option enabled, a One Time Password is sent to your phone each time you attempt to log in. Please note that this option requires you to confirm the email address and phone number associated with your account.
Finally, you can always use a password manager that will ensure your password is strong, and you will no longer have to worry about changing it all the time. For now, you can scroll to the bottom of this post for the instructions on how to change your Twitter password. We will tell you both how to reset and how to change your password.
Concerns About Consumer Data Storage
One last thing we would like to emphasize is that the news about this bug surfaced amidst concerns about how companies store consumer data. For example, we have covered the notorious Equifax breach previously, and there have been reports that Twitter has been subject to annual security evaluation by the U.S. Federal Trade Commission since 2010 because back then the company was accused of “serious lapses” in data security.
Therefore, it is clear that the bar for data security is being set higher and higher, and companies that manage sensitive user information have to meet those requirements to ensure their business success.
How to Change Your Twitter Password
If you want to reset your Twitter password, you can use Twitter's automated password reset service, which allows you to reset your password once you confirm your identity by entering your email, phone number or ID.
You can also change your password via Twitter settings. When you log into your account, do the following:
- Click your display picture at the top-right corner (web version).
- Click Settings and privacy on the drop-down menu.
- Click Password on the menu.
- Enter your Current password.
- Enter your New Password, Verify password, and click Save changes.