Why Did Twitter Tell Millions of Users to Change Their Passwords?
You may have heard that Twitter recently told its 300+ million users to change their passwords, but have you wondered why? The reason is quite simple: it's about their users' security. Twitter discovered a bug that posed a major security risk and needed to be addressed. Part of the response involved asking users of the social media giant to change their passwords. Twitter reps added that no security breaches or leaks had been detected, but cautioned users all the same. According to the company, the issue has since been fixed.
About the bug
Apparently, the bug was an internal issue. Twitter reps have explained that the bug caused user passwords to be stored as simple plain text in the company's internal systems, in a form that anyone with access to them could read. The social media giant has since fixed the issue and apologized profusely. Even so, Twitter told its users to change their passwords just in case, after its IT teams observed a seemingly innocent bug that saved user passwords in plain text on Twitter's internal systems.
Twitter's security specialists have fixed the issue, but the company still advises users to change their passwords just in case.
Parag Agrawal, Twitter's head of technology, said this on the issue: "We are very sorry this happened. We recognize and appreciate the trust you place in us, and are committed to earning that trust every day."
Twitter sent out a tweet to all of its 336 million users warning them of the password issue.
"We recently found a bug that stored passwords unmasked in an internal log. We fixed the bug and have no indication of a breach or misuse by anyone. As a precaution, consider changing your password on all services where you’ve used this password," the message read.
About Twitter's security measures and your privacy
Any social media platform, or indeed any company or institution that cares about its users' safety, stores their passwords in a way that makes them impossible for hackers to read, for example through encryption. Twitter is no exception. The company uses a system called "hashing" that transforms each password into a random-looking string of numbers and symbols before saving it in Twitter's internal systems, so the stored value does not reveal the password. However, due to the bug, the passwords were stored in plain text instead.
"This allows our systems to validate your account credentials without revealing your password," Parag Agrawal explained. "This is an industry standard." "Due to a bug, passwords were written to an internal log before completing the hashing process. We found this error ourselves, removed the passwords, and are implementing plans to prevent this bug from happening again," he added.
Parag asked users to change their passwords and to use extra security measures, like two-factor authentication, to ensure their accounts' safety. He also strongly recommended that Twitter's user base look into using a reliable password manager as another layer of protection.
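The hashing and logging behavior described in this section, as an added example (not Twitter's code): a salted hash lets a service validate a password without storing it, and a log filter catches the failure mode where the plaintext reaches a log before hashing. The function names, the `password=` log format, the sample values and the choice of scrypt from the Python standard library are all assumptions made for illustration.

```python
import hashlib
import hmac
import io
import logging
import os
import re

# Assumed cost parameters for this example; tune them for a real deployment.
SCRYPT = dict(n=2**14, r=8, p=1, dklen=32)

def hash_password(password: str) -> bytes:
    """Return salt || scrypt(password). Only this value is ever stored."""
    salt = os.urandom(16)
    return salt + hashlib.scrypt(password.encode(), salt=salt, **SCRYPT)

def verify_password(password: str, stored: bytes) -> bool:
    """Recompute the hash with the stored salt and compare in constant time."""
    salt, expected = stored[:16], stored[16:]
    actual = hashlib.scrypt(password.encode(), salt=salt, **SCRYPT)
    return hmac.compare_digest(actual, expected)

# Matches key=value pairs whose key looks like a password field.
# Limitation: the value is redacted only up to the first whitespace.
SENSITIVE = re.compile(r"(?i)\b(password|passwd|pwd)=\S+")

class RedactSecrets(logging.Filter):
    """Safety net: scrub password-like values from a record before it is written."""
    def filter(self, record: logging.LogRecord) -> bool:
        record.msg = SENSITIVE.sub(r"\1=[REDACTED]", record.getMessage())
        record.args = None  # message is already fully formatted
        return True

def demo_log(form: dict) -> str:
    """Log a constructed signup request the unsafe way; return what was written."""
    buf = io.StringIO()
    handler = logging.StreamHandler(buf)
    handler.addFilter(RedactSecrets())
    log = logging.getLogger("signup-demo")
    log.handlers, log.propagate = [handler], False
    log.setLevel(logging.INFO)
    # The mistake: the raw password is passed to the logger before hashing.
    log.info("signup user=%s password=%s", form["user"], form["password"])
    return buf.getvalue()
```

The filter is a backstop only; the primary fix is to never pass the raw credential to a logging call in the first place.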