Twitter Reveals Password Bug, Recommends Users Change Passwords

Twitter disclosed that it discovered a bug in its system for storing passwords — which left them exposed in an internal log — and its top technology exec said that “out of an abundance of caution” users should consider changing their passwords.

Twitter shares dropped as much as 2.7% in after-hours trading Thursday after the social-media company disclosed the bug.

In a blog post, Twitter CTO Parag Agrawal said the company had fixed the glitch and that its internal investigation “shows no indication of breach or misuse by anyone.”

“We are very sorry this happened,” Agrawal wrote. “We recognize and appreciate the trust you place in us, and are committed to earning that trust every day.”

Twitter didn’t say how many users’ passwords were being stored in clear text. For the first quarter of 2018, it reported an average monthly active user base of 336 million accounts worldwide.

Twitter users are able to change their password on the password settings page, available at this link. Agrawal also pointed users to Twitter’s two-factor authentication login settings, which sends a six-digit code to a user’s phone number that is required to log in to the service in addition to username and password.

Twitter uses an industry-standard “hashing” mechanism to mask passwords; that replaces the actual password with a “random set of numbers and letters that are stored in Twitter’s system,” Agrawal explained.

However, the bug in Twitter’s password-storage system caused user passwords to be stored before completing the hashing process. “We found this error ourselves, removed the passwords, and are implementing plans to prevent this bug from happening again,” Agrawal wrote.

In February 2016, Twitter disclosed that it had discovered and fixed a bug in its password-recovery systems within 24 hours after identifying it. That bug, which affected almost 10,000 accounts, didn’t expose passwords but “had the potential to expose the email address and phone number associated with a small number of accounts,” according to the company.

In the past, several high-profile Twitter accounts have been hijacked by hackers — including those of Netflix, HBO, Marvel, and even Twitter CEO Jack Dorsey himself. Those incidents don’t appear to be related the bug Twitter just disclosed. It’s also worth noting that Twitter isn’t alone in being susceptible to account hacks: For example, last summer someone broke into the Instagram account of Selena Gomez and posted a nude pic of ex-boyfriend Justin Bieber.

More Digital

  • Michelle Kempner

    BuzzFeed Entertainment Operations Head Michelle Kempner Exiting for Facebook

    Twitter disclosed that it discovered a bug in its system for storing passwords — which left them exposed in an internal log — and its top technology exec said that “out of an abundance of caution” users should consider changing their passwords. Twitter shares dropped as much as 2.7% in after-hours trading Thursday after the […]

  • Empty movie theater

    AMC Theatres Teams With Facebook for Movie Ticket Purchases

    Twitter disclosed that it discovered a bug in its system for storing passwords — which left them exposed in an internal log — and its top technology exec said that “out of an abundance of caution” users should consider changing their passwords. Twitter shares dropped as much as 2.7% in after-hours trading Thursday after the […]

  • VUDU logo

    Walmart Eyes Q4 Launch of Vudu-Branded Service to Rival Netflix (EXCLUSIVE)

    Twitter disclosed that it discovered a bug in its system for storing passwords — which left them exposed in an internal log — and its top technology exec said that “out of an abundance of caution” users should consider changing their passwords. Twitter shares dropped as much as 2.7% in after-hours trading Thursday after the […]

  • Marc Hustvedt - Fine Brothers Entertainment

    Marc Hustvedt, Formerly CEO of Above Average, Joins FBE (EXCLUSIVE)

    Twitter disclosed that it discovered a bug in its system for storing passwords — which left them exposed in an internal log — and its top technology exec said that “out of an abundance of caution” users should consider changing their passwords. Twitter shares dropped as much as 2.7% in after-hours trading Thursday after the […]

  • Walter Cronkite Media Broadband

    Rebooting Walter Cronkite: Broadcast News Rushes to Broadband

    Twitter disclosed that it discovered a bug in its system for storing passwords — which left them exposed in an internal log — and its top technology exec said that “out of an abundance of caution” users should consider changing their passwords. Twitter shares dropped as much as 2.7% in after-hours trading Thursday after the […]

  • Spotify logo is presented on a

    Spotify Launches Feature to Help Artists, Labels Submit Music to Playlists

    Twitter disclosed that it discovered a bug in its system for storing passwords — which left them exposed in an internal log — and its top technology exec said that “out of an abundance of caution” users should consider changing their passwords. Twitter shares dropped as much as 2.7% in after-hours trading Thursday after the […]

  • Chance the Rapper

    Chance the Rapper Buys Chicagoist Website, He Announces in New Single

    Twitter disclosed that it discovered a bug in its system for storing passwords — which left them exposed in an internal log — and its top technology exec said that “out of an abundance of caution” users should consider changing their passwords. Twitter shares dropped as much as 2.7% in after-hours trading Thursday after the […]

More From Our Brands

Access exclusive content