Please change your passwords, we've seen them — Twitter alerts users

Blanche Robertson
May 4, 2018

You read that correctly: plaintext passwords, saved to disk. Nevertheless, Twitter recommends a password change, and pronto.

In a previous security incident in 2013, Twitter took the additional step of resetting passwords for impacted users. Company executives also called it a "decision" as opposed to an obligation. "This allows our systems to validate your account credentials without revealing your password", Agrawal noted. "We didn't have to, but believe it's the right thing to do".

"A lot of people use silly, simple passwords and they use them across multiple sites", Long told hosts Ben Fordham and Georgie Gardner.

So what actually happened to the passwords?

In 2016, the company fingered malware as being responsible for leaked passwords and usernames of users on its network.

A more detailed explanation of the issue can be seen below, or on the official Twitter blog.

"They should be unique, because if someone hacks your password for Twitter, and that is your password for your email, guess what?"

This hashing process was interrupted thanks to a "bug" in the system.

"We recently identified a bug that stored passwords unmasked in an internal log".

Twitter explains that while it usually uses hashing to protect user passwords, a bug caused passwords to be written to an internal log before completing that hashing process.

What an announcement to have to make on World Password Day!

As we mentioned above, Twitter's not disclosing how many or whose passcodes were uncovered.

Such data security assessments have come under scrutiny in recent weeks, following Facebook's entanglement with a political consultancy that improperly accessed the data of 87 million users. But again, Twitter said no one saw the passwords who wasn't supposed to.

On Thursday, the company announced it had found and fixed a "bug" that stored user passwords internally without adequate security. Here is what it suggests you can do to keep your account safe.

Use a strong password that you don't reuse on any other website.
