You will be redirected back to your article in seconds

Twitter Reveals Password Bug, Recommends Users Change Passwords

Twitter disclosed that it discovered a bug in its system for storing passwords — which left them exposed in an internal log — and its top technology exec said that “out of an abundance of caution” users should consider changing their passwords.

Twitter shares dropped as much as 2.7% in after-hours trading Thursday after the social-media company disclosed the bug.

In a blog post, Twitter CTO Parag Agrawal said the company had fixed the glitch and that its internal investigation “shows no indication of breach or misuse by anyone.”

“We are very sorry this happened,” Agrawal wrote. “We recognize and appreciate the trust you place in us, and are committed to earning that trust every day.”

Twitter didn’t say how many users’ passwords were being stored in clear text. For the first quarter of 2018, it reported an average monthly active user base of 336 million accounts worldwide.

Twitter users are able to change their password on the password settings page, available at this link. Agrawal also pointed users to Twitter’s two-factor authentication login settings, which sends a six-digit code to a user’s phone number that is required to log in to the service in addition to username and password.

Twitter uses an industry-standard “hashing” mechanism to mask passwords; that replaces the actual password with a “random set of numbers and letters that are stored in Twitter’s system,” Agrawal explained.

However, the bug in Twitter’s password-storage system caused user passwords to be stored before completing the hashing process. “We found this error ourselves, removed the passwords, and are implementing plans to prevent this bug from happening again,” Agrawal wrote.

In February 2016, Twitter disclosed that it had discovered and fixed a bug in its password-recovery systems within 24 hours after identifying it. That bug, which affected almost 10,000 accounts, didn’t expose passwords but “had the potential to expose the email address and phone number associated with a small number of accounts,” according to the company.

In the past, several high-profile Twitter accounts have been hijacked by hackers — including those of Netflix, HBO, Marvel, and even Twitter CEO Jack Dorsey himself. Those incidents don’t appear to be related the bug Twitter just disclosed. It’s also worth noting that Twitter isn’t alone in being susceptible to account hacks: For example, last summer someone broke into the Instagram account of Selena Gomez and posted a nude pic of ex-boyfriend Justin Bieber.

More Digital

  • Missing Link Laika Studios

    ‘Missing Link’ Again Tops Studios’ TV Ad Spending

    In this week’s edition of the Variety Movie Commercial Tracker, powered by the TV ad measurement and attribution company iSpot.tv, Annapurna Pictures claims the top spot in spending for the second week in a row with “Missing Link.” Ads placed for the animated film had an estimated media value of $5.91 million through Sunday for [...]

  • Sirius Logo

    SiriusXM Unveils $8 Essential Plan for Consumers Without Cars

    SiriusXM wants to cater consumers without cars, or cars without compatible stereos, with a new $8 plan for mobile and in-home listening. Dubbed SiriusXM Essential, the plan offers access to 200+ channels featuring the network’s entire music programming, as well comedy, news and select sports channels. Consumers will be able to test the new plan [...]

  • Mueller Report Book Editions Top Amazon's

    Mueller Report Book Editions Shoot to Top of Best-Seller Lists at Amazon, Barnes & Noble

    Robert Mueller is now a best-selling author. Book publishers’ forthcoming editions of the special counsel’s report zoomed to the top of the Amazon’s and Barnes & Noble’s lists of book best-sellers Friday. That comes a day after the report was publicly released, culminating the nearly two-year investigation into Russian interference in the 2016 U.S. election [...]

  • Marques Brownlee - Retro Tech

    YouTube Orders Marques Brownlee 'Retro Tech' Original Series

    YouTube has turned to one of its homegrown stars — technology vlogger Marques Brownlee, aka “MKBHD” — for its newest original series. The video platform has greenlit series “Retro Tech” featuring Brownlee, in which he’ll unbox and review vintage technology products that have defined pop culture. The show, slated to debut in December 2019, follows [...]

  • Netflix Tests Random Episode Button in

    Netflix Starts Testing Random Episode Button

    Netflix is testing a button to play random episodes of select TV shows, the company confirmed Friday morning. “We are testing the ability for members to play a random episode from different TV series on the Android mobile app,” a Netflix spokesperson told Variety. “These tests typically vary in length of time and by region, [...]

  • Netflix Our Planet Sophie Darlington

    Netflix's 'Our Planet' Roars to Life With Work by Top Wildlife Cinematographers

    In terms of scope, production time and — very likely — budget, Netflix’s “Our Planet” is one of the most ambitious projects from the streaming service to date. Narrated by David Attenborough and made available worldwide on April 5, the goal of the eight-part series is to capture diverse habitats across the globe and highlight [...]

More From Our Brands

Access exclusive content