- If you have doubts about HBO’s ‘Watchmen,’ give it more time Sunday 9:00 PM
- Video shows moment coach disarmed student of shotgun, then hugged him Sunday 7:38 PM
- Jared Leto reportedly tried to stop ‘Joker’ from happening Sunday 4:12 PM
- People are grossed out by cow insemination-themed pregnancy announcement Sunday 3:13 PM
- Major protests in Lebanon triggered by plan to tax WhatsApp calls Sunday 1:38 PM
- Frank Ocean’s $60 HIV prevention drug-themed shirts called tone-deaf Sunday 12:49 PM
- ‘Joker’ stairs latest Instagram spot; locals joke about potential robberies Sunday 10:30 AM
- PewDiePie banned in China after reacting to Winnie the Pooh memes Sunday 8:46 AM
- How to stream Cowboys vs. Eagles on Sunday Night Football Sunday 7:00 AM
- How to stream Chargers vs. Titans in Week 7 Sunday 6:00 AM
- 13 spooky romance games for adults Sunday 6:00 AM
- How to stream ‘Power’ season 6, episode 9 Sunday 5:00 AM
- How to stream Impact Wrestling’s Bound For Glory Sunday 5:00 AM
- How to stream Bills vs. Dolphins in Week 7 Sunday 4:30 AM
- How to stream Jaguars vs. Bengals in Week 7 Sunday 4:00 AM
Twitter users need to change their passwords immediately. The social network just revealed a bug that stored user passwords in plain text on its internal logs. Twitter says its investigation found no indication of breach or misuse. Despite this, the site urges its 330 million users to change their passwords “out of an abundance of caution.”
“We are sharing this information to help people make an informed decision about their account security. We didn’t have to, but believe it’s the right thing to do,” said Twitter’s chief technology officer, Parag Agrawal.
I’m sorry that this happened, but am proud to work at a company that puts people who use our service first.— Parag Agrawal (@paraga) May 3, 2018
It’s not clear exactly how many passwords were affected by the bug, although Twitter emphasizes it has no reason to believe the passwords left its system. However, there remains a chance they were made viewable to employees.
“We mask passwords through a process called hashing using a function known as bcrypt, which replaces the actual password with a random set of numbers and letters that are stored in Twitter’s system,” Agrawal explained in a statement. “Due to a bug, passwords were written to an internal log before completing the hashing process. We found this error ourselves, removed the passwords, and are implementing plans to prevent this bug from happening again.”
Agrawal originally tweeted that the company “didn’t have to” alert users about the bug but later rescinded the statement.
I should not have said we didn’t have to share. I have felt strongly that we should. My mistake. https://t.co/Cqbs1KiUWd— Parag Agrawal (@paraga) May 3, 2018
The bug seems similar to a glitch in Github’s password reset feature that leaked user passwords in plain text to the company’s internal logs. The code repository said earlier this week a small group of employees gained access to the sensitive information.
If you have a Twitter account, we strongly recommend changing your password as soon as possible and making sure you don’t use that password for any other service. We also suggest you opt into two-factor authentication, which requires you type in a code sent to your phone via text before you can log in. You can change your Twitter password from this link.
Twitter declined the Daily Dot’s request for comment.
Phillip Tracy is a former technology staff writer at the Daily Dot. He's an expert on smartphones, social media trends, and gadgets. He previously reported on IoT and telecom for RCR Wireless News and contributed to NewBay Media magazine. He now writes for Laptop magazine.