You will be redirected back to your article in seconds

Twitter Reveals Password Bug, Recommends Users Change Passwords

Twitter disclosed that it discovered a bug in its system for storing passwords — which left them exposed in an internal log — and its top technology exec said that “out of an abundance of caution” users should consider changing their passwords.

Twitter shares dropped as much as 2.7% in after-hours trading Thursday after the social-media company disclosed the bug.

In a blog post, Twitter CTO Parag Agrawal said the company had fixed the glitch and that its internal investigation “shows no indication of breach or misuse by anyone.”

“We are very sorry this happened,” Agrawal wrote. “We recognize and appreciate the trust you place in us, and are committed to earning that trust every day.”

Twitter didn’t say how many users’ passwords were being stored in clear text. For the first quarter of 2018, it reported an average monthly active user base of 336 million accounts worldwide.

Twitter users are able to change their password on the password settings page, available at this link. Agrawal also pointed users to Twitter’s two-factor authentication login settings, which sends a six-digit code to a user’s phone number that is required to log in to the service in addition to username and password.

Twitter uses an industry-standard “hashing” mechanism to mask passwords; that replaces the actual password with a “random set of numbers and letters that are stored in Twitter’s system,” Agrawal explained.

However, the bug in Twitter’s password-storage system caused user passwords to be stored before completing the hashing process. “We found this error ourselves, removed the passwords, and are implementing plans to prevent this bug from happening again,” Agrawal wrote.

In February 2016, Twitter disclosed that it had discovered and fixed a bug in its password-recovery systems within 24 hours after identifying it. That bug, which affected almost 10,000 accounts, didn’t expose passwords but “had the potential to expose the email address and phone number associated with a small number of accounts,” according to the company.

In the past, several high-profile Twitter accounts have been hijacked by hackers — including those of Netflix, HBO, Marvel, and even Twitter CEO Jack Dorsey himself. Those incidents don’t appear to be related the bug Twitter just disclosed. It’s also worth noting that Twitter isn’t alone in being susceptible to account hacks: For example, last summer someone broke into the Instagram account of Selena Gomez and posted a nude pic of ex-boyfriend Justin Bieber.

More Digital

  • Lena Dunham and Jenni Konner

    Lena Dunham and Jenni Konner's Lenny Letter Is Shutting Down (Report)

    Twitter disclosed that it discovered a bug in its system for storing passwords — which left them exposed in an internal log — and its top technology exec said that “out of an abundance of caution” users should consider changing their passwords. Twitter shares dropped as much as 2.7% in after-hours trading Thursday after the […]

  • Ticketmaster Acquires Blockchain Ticketing Company Upgraded

    Ticketmaster Acquires Blockchain Ticketing Company Upgraded

    Twitter disclosed that it discovered a bug in its system for storing passwords — which left them exposed in an internal log — and its top technology exec said that “out of an abundance of caution” users should consider changing their passwords. Twitter shares dropped as much as 2.7% in after-hours trading Thursday after the […]

  • Viki - Suspicious Partner

    With DramaFever's Demise, Other Services Step Up to Cater to K-Drama Fans

    Twitter disclosed that it discovered a bug in its system for storing passwords — which left them exposed in an internal log — and its top technology exec said that “out of an abundance of caution” users should consider changing their passwords. Twitter shares dropped as much as 2.7% in after-hours trading Thursday after the […]

  • Spotify logo is presented on a

    Spotify Revamps Its Mobile App for Paying Subscribers

    Twitter disclosed that it discovered a bug in its system for storing passwords — which left them exposed in an internal log — and its top technology exec said that “out of an abundance of caution” users should consider changing their passwords. Twitter shares dropped as much as 2.7% in after-hours trading Thursday after the […]

  • Funimation - My Hero Academia: Two

    Sony's Funimation Ends Anime Licensing Pact With Crunchyroll

    Twitter disclosed that it discovered a bug in its system for storing passwords — which left them exposed in an internal log — and its top technology exec said that “out of an abundance of caution” users should consider changing their passwords. Twitter shares dropped as much as 2.7% in after-hours trading Thursday after the […]

  • The Apple Downtown Brooklyn store grand

    Apple Sets Oct. 30 Launch Event in New York City

    Twitter disclosed that it discovered a bug in its system for storing passwords — which left them exposed in an internal log — and its top technology exec said that “out of an abundance of caution” users should consider changing their passwords. Twitter shares dropped as much as 2.7% in after-hours trading Thursday after the […]

More From Our Brands

Access exclusive content