×
You will be redirected back to your article in seconds

Twitter Reveals Password Bug, Recommends Users Change Passwords

Twitter disclosed that it discovered a bug in its system for storing passwords — which left them exposed in an internal log — and its top technology exec said that “out of an abundance of caution” users should consider changing their passwords.

Twitter shares dropped as much as 2.7% in after-hours trading Thursday after the social-media company disclosed the bug.

In a blog post, Twitter CTO Parag Agrawal said the company had fixed the glitch and that its internal investigation “shows no indication of breach or misuse by anyone.”

“We are very sorry this happened,” Agrawal wrote. “We recognize and appreciate the trust you place in us, and are committed to earning that trust every day.”

Twitter didn’t say how many users’ passwords were being stored in clear text. For the first quarter of 2018, it reported an average monthly active user base of 336 million accounts worldwide.

Twitter users are able to change their password on the password settings page, available at this link. Agrawal also pointed users to Twitter’s two-factor authentication login settings, which sends a six-digit code to a user’s phone number that is required to log in to the service in addition to username and password.

Twitter uses an industry-standard “hashing” mechanism to mask passwords; that replaces the actual password with a “random set of numbers and letters that are stored in Twitter’s system,” Agrawal explained.

However, the bug in Twitter’s password-storage system caused user passwords to be stored before completing the hashing process. “We found this error ourselves, removed the passwords, and are implementing plans to prevent this bug from happening again,” Agrawal wrote.

In February 2016, Twitter disclosed that it had discovered and fixed a bug in its password-recovery systems within 24 hours after identifying it. That bug, which affected almost 10,000 accounts, didn’t expose passwords but “had the potential to expose the email address and phone number associated with a small number of accounts,” according to the company.

In the past, several high-profile Twitter accounts have been hijacked by hackers — including those of Netflix, HBO, Marvel, and even Twitter CEO Jack Dorsey himself. Those incidents don’t appear to be related the bug Twitter just disclosed. It’s also worth noting that Twitter isn’t alone in being susceptible to account hacks: For example, last summer someone broke into the Instagram account of Selena Gomez and posted a nude pic of ex-boyfriend Justin Bieber.

More Digital

  • NPR Releases Open Source Podcast Metrics

    How NPR Aims to Bring Transparency to Podcast Metrics

    NPR unveiled a new open source podcast measurement project Wednesday that aims to bring more transparency and granularity to podcast metrics. The project, dubbed Remote Audio Data (RAD), has been developed in partnership with a number of podcast app developers, ad tech companies as well as tech and media heavyweights including ESPN, Google and iHeartMedia. [...]

  • 2019 Variety Predictions

    2019 Predictions: What's in Store for Film, TV and Music Next Year?

    It would be hard to top the drama of 2018. From media mega-mergers to the rise of Time’s Up, it was a year that had more than its fair share of twists and turns. Leslie Moonves resigned in disgrace, AT&T snapped up Time Warner, Disney inched closer to subsuming Fox and “Black Panther” shattered box [...]

  • apple brooklyn october 2018 event

    Apple Looking to Launch Magazine Subscriptions in Early 2019 (Report)

    Apple is preparing to relaunch Texture, a news subscription app it acquired in March, as a premium tier of Apple News early next year, according to a Bloomberg report. To prepare for the launch, Apple has been trying to get prominent newspapers including the New York Times and the Wall Street Journal to come on [...]

  • Tencent Music Raises $1.1 Billion for

    Tencent Music Raises $1.1 Billion for IPO, Much Less Than Expected

    China-based music streaming company Tencent Music Entertainment Group said it raised nearly $1.1 billion in its U.S. initial public offering, according to Reuters. Earlier this year, the company was expected to be valued at as much as $30 billion and raise $4 billion for its IPO, but those estimates were slashed in September. he IPO [...]

  • Netflix Orders ‘I Am Not Okay

    Netflix Orders ‘I Am Not Okay With This’ From Producers of ‘Stranger Things’

    The producers of “Stranger Things” and creator and director of “The End of the F***ing World” series are making “I Am Not Okay With This” for Netflix, a coming-of-age tale about a girl with mysterious powers. 21 Laps will make the series, which was co-created by Jonathan Entwistle, who was behind Channel 4 and Netflix show [...]

  • Netflix Logo

    Netflix’s India Content Head Swati Shetty Makes Exit

    Swati Shetty, who has headed Indian content operations at Netflix is to step down from the global streaming giant. She joined the streamer in August 2016 as director of international originals and acquisitions. The company said it is placing more emphasis on India and that the role should ideally be fulfilled form Mumbai, rather than [...]

  • Oculus Rift

    ZeniMax Agrees to Settle Facebook VR Lawsuit

    Game company ZeniMax Media said it is has agreed to settle litigation against Facebook, Oculus and individual executives alleging misappropriation of its virtual-reality technology. Terms of the settlement were not disclosed. ZeniMax sued Facebook in 2014 after Id Software co-founder John Carmack joined Oculus as chief technology officer. In the suit, which sought as much as $4 billion in damages, alleged [...]

More From Our Brands

Access exclusive content