Twitter announced in a tweet on Thursday that a glitch had caused some users’ passwords to be stored internally as readable text.
We recently found a bug that stored passwords unmasked in an internal log. We fixed the bug and have no indication of a breach or misuse by anyone. As a precaution, consider changing your password on all services where you’ve used this password. https://t.co/RyEDvQOTaZ
— Twitter Support (@TwitterSupport) May 3, 2018
Generally, Twitter hashes passwords with bcrypt, so they are not stored in readable text format; they appear as random letters and numbers, which means no one in the company can see any user's password.
But because of the recent bug, some users' passwords were written to an internal log before the hashing process had converted them into that unreadable form.
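One defence against this class of bug is to mask credential fields in every log record before a handler writes it. The following is an added example, not Twitter's code and not part of the original article; the field names, the logger name and the sample request are constructed assumptions.

```python
import io
import logging
import re

# Assumed credential field names; a real service would list its own.
SENSITIVE_KEYS = ("current_password", "new_password", "password")
MASK = "[REDACTED]"
# Matches key=value and "key": "value" forms inside already-formatted text.
_INLINE = re.compile(
    r'(?i)(["\']?(?:%s)["\']?\s*[=:]\s*)("[^"]*"|\'[^\']*\'|[^\s,&}]+)'
    % "|".join(SENSITIVE_KEYS)
)

def scrub(value):
    """Return a copy of value with credential fields masked, recursively."""
    if isinstance(value, dict):
        return {k: MASK if str(k).lower() in SENSITIVE_KEYS else scrub(v)
                for k, v in value.items()}
    if isinstance(value, (list, tuple)):
        return type(value)(scrub(v) for v in value)
    if isinstance(value, str):
        return _INLINE.sub(lambda m: m.group(1) + MASK, value)
    return value

class RedactCredentials(logging.Filter):
    """Masks credentials in a record before the handler writes it out."""
    def filter(self, record):
        if isinstance(record.args, dict):
            record.args = scrub(record.args)
        elif record.args:
            record.args = tuple(scrub(a) for a in record.args)
        # Format first, then scrub the text: rewriting the template itself
        # would break its %-placeholders.
        record.msg, record.args = scrub(record.getMessage()), None
        return True

def log_signup(request):
    """Log a constructed signup request before hashing; return the log text."""
    buf = io.StringIO()
    handler = logging.StreamHandler(buf)
    handler.addFilter(RedactCredentials())
    logger = logging.getLogger("signup-demo")
    logger.handlers, logger.propagate = [handler], False
    logger.setLevel(logging.INFO)
    logger.info("signup request: %s", request)  # structured field
    logger.info("raw body: user=%s&password=%s",  # free-text field
                request["user"], request["password"])
    return buf.getvalue()
```

The filter is attached to the handler rather than to one logger, so it covers every record that handler writes, whichever logger the record came from.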
To help users change their passwords conveniently, Twitter is presenting them with a pop-up window. The pop-up window contains a link to the settings page where users can change their password.
According to the company, it has identified the problem and fixed it. It claims that no password has been compromised but recommends that users change their passwords to stay safe. The company did not specify how many passwords were affected by the bug.
The company’s Chief Technology Officer, Parag Agrawal, said in a tweet, “We are sharing this information to help people take an informed decision about their account security. We did not have to, but believe it’s the right thing to do.”
Twitter had already received severe criticism after the recent disclosure that it sold data to Cambridge Analytica, and this issue has surely landed it in hot water now.
Chief Executive Officer Jack Dorsey said in a tweet, “We fixed the bug and have no indication of a breach or misuse by anyone. As a precaution, consider changing your password on all services where you’ve used this password.”
This disclosure comes at a time when lawmakers and regulators all over the world have started scrutinizing the way companies store and protect user data, following revelations that Facebook users’ data was sold to Cambridge Analytica and Careem’s confession that user data was accessed by hackers.