Twitter bug causes passwords to be stored in plain text — go change your password now
Twitter is urging its 330 million users to change their passwords after discovering an internal bug in the system.
The bug – which has since been fixed — stored passwords unencrypted in an internal log, according to a blog post from Twitter Chief Technology Officer Parag Agrawal.
Usually, passwords are stored using hashing, a process “that masks it so no one at the company can see it,” Agarawal explained, but this bug stored the passwords verbatim in the company’s logs.
Hashing is commonly used for password storing and verification.
Though the company hasn’t seen evidence that the passwords were misused or accessed improperly, Agrawal still says that “out of an abundance of caution,” users should still change your password.