Twitter recommends ALL users change passwords after security blunder

ByCraig Haley

Did you notice a prompt to change your password when logging into Twitter recently? That’s because a pretty serious and basic security blunder by the social media site resulted in user’s passwords being saved in plain text in a log inside Twitter’s servers.

Twitter admitted that a “bug” had caused the passwords belonging to a number of users to be potentially accessible to those inside the Twitter network (Twitter staffers, mostly.)

However Twitter also claimed that an investigation into the bug – which has now been fixed – revealed no indication that anyone exploited the bug and obtained any passwords. However, Twitter is still advising their users consider changing their passwords, because, well – you never know.

When passwords are stored on Twitters servers, they are supposed to be masked so no one inside the company (or no one hacking into the company) can simply obtain them. That process is called hashing. However, the bug that Twitter discovered meant that plain text passwords were accidentally being stored in an internal log, before the hashing process completed. That internal log wasn’t being deleted, meaning plaint text passwords were sitting in a log on Twitter servers.


Sponsored Content. Continued below...




It’s a pretty serious security blunder, one that ironically occurred on a day dubbed by many as World Password Day. However to Twitters credit, they informed their users quickly and seem to have been extremely transparent in what happened – something that couldn’t be said for many other companies that have suffered security faux-pas’s in the past (Yahoo.)

Should you change your password? We’d certainly recommend it, since no one can be 100% sure that no one managed to obtain the passwords. And it’s better to be safe than sorry.

It’s also a good demonstration as to why two-factor authentication could be useful. Even if you’re security aware and tech savvy enough never to get have your password compromised, there’s no guarantee companies like Twitter won’t compromise your password for you. If and when this happens, having two-factor authentication enabled means that crooks with your password still won’t be able to access your account because they’ll need an additional piece of information. More about two-factor authentication here.

Keep up-to-date with all our latest articles. Follow us on Facebook, Instagram and Twitter.

Continued below...


Thanks for reading! But before you go… as part of our latest series of articles on how to earn a little extra cash using the Internet (without getting scammed) we have been looking into how you can earn gift vouchers (like Amazon vouchers) using reward-per-action websites such as SwagBucks. If you are interested we even have our own sign-up code to get you started. Want to learn more? We discuss it here. (Or you can just sign-up here and use code Nonsense70SB when registering.)

Become a Facebook Supporter. For 0.99p (~$1.30) a month you can become a Facebook fan, meaning you get an optional Supporter Badge when you comment on our Facebook posts, as well as discounts on our merchandise. You can subscribe here (cancel anytime.)