Yesterday, 3 May 2018, the official Twitter Support account tweeted asking everyone to change their Twitter password. The tweets pointed to a blog post by Twitter CTO Parag Agrawal, which described a bug in Twitter's internal software and asked every account holder to change their password. Twitter has also begun showing every user an in-product notification prompting them to change it.
According to Parag, Twitter stores passwords hashed with bcrypt, a widely used, deliberately slow function that turns each password into a salted one-way hash: a fixed-length string of letters and digits from which the original password cannot be recovered. Only that hash is stored, so nobody inside Twitter can read a user's password, and a login can still be checked by hashing the submitted password with the same salt and comparing the result with the stored value. This is standard industry practice.
As Parag explained, Twitter identified a bug that wrote passwords, unmasked, to an internal log before the hashing step had completed. The plaintext passwords were therefore exposed on Twitter's internal systems, and anyone with read access to those logs could have collected them. Note that a bug of this kind sits outside the hashing code itself: bcrypt was doing its job, but the plaintext was captured on its way in.
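To make the defect class concrete, the following is an added example written for this article; it is not Twitter's code (Twitter has published none). It shows a password-change handler that logs the whole request before hashing (the bug), a hardened handler that hashes first and logs only an event, a logging filter that redacts sensitive fields as defence in depth, and a log scan that catches the leak. PBKDF2-HMAC-SHA256 from the Python standard library stands in for bcrypt so the snippet runs without third-party packages; the field names, the sample request and the logger names are constructed for the example.

```python
import hashlib
import hmac
import io
import logging
import os
import re

# Field names whose values must never reach a log (assumed list for this example).
SENSITIVE_KEYS = frozenset({"password", "passwd", "new_password", "token"})
REDACTED = "***REDACTED***"

# Constructed sample request; not real data.
SAMPLE_REQUEST = {"user": "alice", "password": "Tr0ub4dor&3"}


def hash_password(password: str, salt: bytes = None, iterations: int = 100_000) -> str:
    """Salted, deliberately slow one-way hash. PBKDF2-HMAC-SHA256 stands in for bcrypt;
    the stored string carries algorithm, cost, salt and digest, never the password.
    (Iteration count kept low for the demo; production should use far more.)"""
    salt = salt if salt is not None else os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return f"pbkdf2_sha256${iterations}${salt.hex()}${digest.hex()}"


def verify_password(candidate: str, stored: str) -> bool:
    """Re-hash the candidate with the stored salt and cost, compare in constant time."""
    _algo, iterations, salt_hex, digest_hex = stored.split("$")
    recomputed = hashlib.pbkdf2_hmac(
        "sha256", candidate.encode(), bytes.fromhex(salt_hex), int(iterations)
    )
    return hmac.compare_digest(recomputed.hex(), digest_hex)


def change_password_vulnerable(request: dict, log: logging.Logger, store: dict) -> None:
    """The defect class described in the post: the whole request, plaintext password
    included, is written to the log before hashing happens."""
    log.info("password change request: %s", request)  # BUG: leaks the password
    store[request["user"]] = hash_password(request["password"])


def change_password_hardened(request: dict, log: logging.Logger, store: dict) -> None:
    """Hash first and log an event, not the payload; the plaintext never reaches the log."""
    user = request["user"]
    store[user] = hash_password(request["password"])
    log.info("password changed for user=%s", user)


def _redact(value):
    """Recursively mask sensitive keys inside dicts; other values pass through."""
    if isinstance(value, dict):
        return {k: (REDACTED if str(k).lower() in SENSITIVE_KEYS else _redact(v))
                for k, v in value.items()}
    return value


class RedactSensitiveFields(logging.Filter):
    """Defence in depth: scrub sensitive fields from record arguments before the
    record is formatted, so even a careless log call cannot leak them."""
    def filter(self, record: logging.LogRecord) -> bool:
        if isinstance(record.args, dict):      # logging collapses a lone mapping arg
            record.args = _redact(record.args)
        elif isinstance(record.args, tuple):
            record.args = tuple(_redact(a) for a in record.args)
        return True


# Detection: a credential-looking key=value or key: value pair in a log line.
CRED_IN_LOG = re.compile(
    r"""['"]?(?P<key>password|passwd|new_password|token)['"]?\s*[:=]\s*['"]?(?P<value>[^'"\s,}]+)""",
    re.IGNORECASE,
)


def find_leaked_credentials(log_text: str) -> list:
    """Return (key, value) pairs written in clear to the log; redacted values are ignored."""
    return [(m["key"].lower(), m["value"]) for m in CRED_IN_LOG.finditer(log_text)
            if m["value"] != REDACTED]


def run_with_captured_log(handler, request: dict, redact: bool = False):
    """Run a handler against a standalone in-memory logger. Returns (log_text, store)."""
    stream = io.StringIO()
    log = logging.Logger(f"demo.{handler.__name__}.{redact}")  # not attached to root
    log.setLevel(logging.INFO)
    if redact:
        log.addFilter(RedactSensitiveFields())
    log.addHandler(logging.StreamHandler(stream))
    store = {}
    handler(dict(request), log, store)
    return stream.getvalue(), store


if __name__ == "__main__":
    for name, handler, redact in [
        ("vulnerable", change_password_vulnerable, False),
        ("vulnerable + redaction filter", change_password_vulnerable, True),
        ("hardened", change_password_hardened, False),
    ]:
        text, store = run_with_captured_log(handler, SAMPLE_REQUEST, redact)
        print(f"[{name}] log: {text.strip()}")
        print(f"[{name}] leaked: {find_leaked_credentials(text)}")
        print(f"[{name}] login check: {verify_password(SAMPLE_REQUEST['password'], store['alice'])}")
```

Two points the code makes that the prose does not: the stored hash is useless to an attacker even when the log leaks (the leak is entirely on the input side), and a redaction filter is a safety net, not a fix; the hardened handler never hands the payload to the logger in the first place. The scanner is the kind of check worth running over existing logs after a bug like this is found.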
Twitter found the bug itself and fixed it immediately, and says it is implementing measures to prevent it from happening again. Its investigation found no indication that the logged passwords were accessed or misused by anyone.
Despite these precautionary measures, Twitter is asking users to change their passwords as a safety step. You should also change the password on every other service where you reused the same one, since a leaked password is routinely tried against other accounts. Arguably, Twitter could have forced a reset for all accounts rather than leaving it optional: a voluntary prompt leaves the exposed credential valid for every user who ignores it.
As a final note, Parag added “We are very sorry this happened. We recognize and appreciate the trust you place in us, and are committed to earning that trust every day.”
How to change your Twitter password
- Twitter has made this easy: the notification it is showing users links directly to the password reset page.
- On the website, you can also click your profile image in the upper-right corner, then Settings and privacy → Change password.
- In the iOS and Android apps, tap your profile picture in the top-left corner, then Settings and privacy → Account → Change password (labelled “Password” on Android), and choose a new, strong password that you do not use anywhere else.