- How to follow along with San Diego Comic Con online 1 Year Ago
- How to live stream the International Champions Cup Today 5:00 AM
- A police union is urging its officers to post ‘The Punisher’ logo Monday 7:33 PM
- Redditors call for a Nestlé boycott through memes Monday 6:16 PM
- How a 10-second Disney jingle became a meme in Thailand Monday 4:48 PM
- Instagram users share photos showing gruesome killing of 17-year-old Bianca Devins Monday 4:33 PM
- The horror game banned for mocking China’s president probably isn’t coming back Monday 3:31 PM
- Cheap vibrators, condoms, and lube: The most satisfying Amazon Prime Day deals Monday 3:07 PM
- George R.R. Martin says fan backlash won’t affect his ‘Game of Thrones’ ending Monday 3:03 PM
- The very finest Area 51 memes Monday 2:52 PM
- Tweet map ranks states where people are boycotting Amazon Prime Day Monday 1:54 PM
- Lil Nas X says he will perform at Area 51 for free Monday 12:56 PM
- The best Prime Day deals for gamers Monday 12:53 PM
- How Republicans are dancing around Trump’s racist tweets Monday 12:42 PM
- Not even anti-immigrant groups are defending Trump’s ‘go back’ tweets Monday 12:37 PM
Use two-factor authentication while you’re at it.
Twitter users need to change their passwords immediately. The social network just revealed a bug that stored user passwords in plain text on its internal logs. Twitter says its investigation found no indication of breach or misuse. Despite this, the site urges its 330 million users to change their passwords “out of an abundance of caution.”
“We are sharing this information to help people make an informed decision about their account security. We didn’t have to, but believe it’s the right thing to do,” said Twitter’s chief technology officer, Parag Agrawal.
I’m sorry that this happened, but am proud to work at a company that puts people who use our service first.— Parag Agrawal (@paraga) May 3, 2018
It’s not clear exactly how many passwords were affected by the bug, although Twitter emphasizes it has no reason to believe the passwords left its system. However, there remains a chance they were made viewable to employees.
“We mask passwords through a process called hashing using a function known as bcrypt, which replaces the actual password with a random set of numbers and letters that are stored in Twitter’s system,” Agrawal explained in a statement. “Due to a bug, passwords were written to an internal log before completing the hashing process. We found this error ourselves, removed the passwords, and are implementing plans to prevent this bug from happening again.”
Agrawal originally tweeted that the company “didn’t have to” alert users about the bug but later rescinded the statement.
I should not have said we didn’t have to share. I have felt strongly that we should. My mistake. https://t.co/Cqbs1KiUWd— Parag Agrawal (@paraga) May 3, 2018
The bug seems similar to a glitch in Github’s password reset feature that leaked user passwords in plain text to the company’s internal logs. The code repository said earlier this week a small group of employees gained access to the sensitive information.
If you have a Twitter account, we strongly recommend changing your password as soon as possible and making sure you don’t use that password for any other service. We also suggest you opt into two-factor authentication, which requires you type in a code sent to your phone via text before you can log in. You can change your Twitter password from this link.
Twitter declined the Daily Dot’s request for comment.
Phillip Tracy is a former technology staff writer at the Daily Dot. He's an expert on smartphones, social media trends, and gadgets. He previously reported on IoT and telecom for RCR Wireless News and contributed to NewBay Media magazine. He now writes for Laptop magazine.