May 4th 2018
Twitter has advised all of its users to change their passwords "out of an abundance of caution", following a fault which exposed some passwords in plain text on its internal network. At Get Safe Online we advise that you also change passwords for online accounts which use the same password as the one you use for Twitter.
Users have been presented with the warning shown below when logging in.
The network has also advised users to turn on its two-factor authentication service as an additional precaution.
The social network – which has some 330 million users worldwide – has not revealed how many passwords were affected, but admitted that the number is “substantial” and that they were exposed for “several months”. It has found no indication that the information has been misused by employees.
The fault – which was discovered several weeks ago and has been reported to some regulators – was related to the use of hashing, a process which masks passwords by replacing them with a string of letters and numbers as soon as they are entered by users. The affected passwords were written to an internal computer log before the hashing process could be completed.
In a tweet, Twitter’s Chief Executive Jack Dorsey wrote: “We recently discovered a bug where account passwords were being written to an internal log before completing a masking/hashing process. We’ve fixed, see no indication of breach or misuse, and believe it’s important for us to be open about this internal defect.”
In a blog post, Twitter wrote: “We are very sorry this happened.”