Twitter goof potentially exposes all 336m user passwords

As if Twitter users didn’t have enough to think about this week (thanks Kanye), it sprung an even bigger surprise on its users late Thursday night.

The social network prompted all of its 336-million users to change their passwords, after it discovered that its employees could potentially see them. Twitter’s calling it a “bug”, but it was seemingly a flaw in the way the firm logged passwords.

We recently found a bug that stored passwords unmasked in an internal log. We fixed the bug and have no indication of a breach or misuse by anyone. As a precaution, consider changing your password on all services where you’ve used this password. https://t.co/RyEDvQOTaZ

— Twitter Support (@TwitterSupport) May 3, 2018

“When you set a password for your Twitter account, we use technology that masks it so no one at the company can see it,” the prompt began. “We recently identified a bug that stored passwords unmasked in an internal log.”

Simply put, instead of jumbling up your password’s characters or encrypting them, this particular log was available to view in plain text. Simpler still, even granny could’ve copy pasted all 300-million passwords into Word if she wanted, and she could’ve logged into Donald Trump’s account without his knowledge.

But Twitter notes that no one in the company, or granny, really wants that sort of responsibility.

“We have fixed the bug, and our investigation shows no indication of breach of misuse by anyone.”

Even so, Twitter has asked its entire swathe of users to tweak their passwords as “out of an abundance of caution”.

Some users were still notably shook. I mean, wow.

pic.twitter.com/hRn2eyesiI

— alex medina (@mrmedina) May 3, 2018

If you too are slightly freaked out, you shouldn’t really given the company’s swift and authoritative statement. However, if you potentially use a single password across a number of accounts — Google, Facebook, Microsoft, your bank — you should be petrified.

Changing the password is simple enough though:

• In the app, tap on your avatar
• In the pop up menu, tap on “Settings and Privacy”
• Tap on “Account”
• Tap on “Password”
• Think of something you’ll remember

If you’ve forgotten your password, that’s okay too. There’s an option at the bottom of the password page that’ll let you reset it.

It may also be a good idea to enable two-factor authentication — adding another layer of security that’ll ensure your password isn’t the only thing required to log in to your account.

And finally, please don’t use the same password on every service. The internet thanks you.

Feature image: Memeburn