Twitter urges 336 million users to change passwords after bug discovered

Login details had been stored in plain text on the company’s internal systems

Twitter
(Image credit: Bethany Clarke/Getty Images)

Twitter has urged all of its 336 million users to update their passwords after the company discovered that some had been exposed in plain text on an internal server.

The social media site’s co-founder, Jack Dorsey, said in a tweet that as a result of a software bug, the passwords had been “written to an internal log” prior to the “hashing” process, which masks login details with a series of random letters and numbers before they are stored.

See more

He added that the bug had been “fixed”, and that an internal investigation had found “no indication of breach or misuse” of the exposed data.

Subscribe to The Week

Escape your echo chamber. Get the facts behind the news, plus analysis from multiple perspectives.

SUBSCRIBE & SAVE
https://cdn.mos.cms.futurecdn.net/flexiimages/jacafc5zvs1692883516.jpg

Sign up for The Week's Free Newsletters

From our morning news briefing to a weekly Good News Newsletter, get the best of The Week delivered directly to your inbox.

From our morning news briefing to a weekly Good News Newsletter, get the best of The Week delivered directly to your inbox.

Sign up

Nevertheless, Twitter users are also being urged to activate two-factor authentication, “to help stop accounts being hacked”, BBC News reports.

The security feature prompts users to enter a code, sent to them either via a text message or through a third-party app, after they have correctly inputed their password.

Although Dorsey didn’t reveal how many passwords had been exposed, a company insider told Reuters that the number was “substantial” and that they had been stored as text files for “several months”.

The source said Twitter had discovered the glitch “a few weeks ago” and reported it to “some regulators”, according to the news site.

Meanwhile, Twitter’s chief technology officer, Parag Agrawal, provoked anger among users by tweeting that the company “didn’t have to” share information about the data bug, adding that it was simply “the right thing to do”.

Agrawal later apologised for suggesting that the company could have covered up the issue, insisting that he had “felt strongly” that the information should be shared.

See more

Continue reading for free

We hope you're enjoying The Week's refreshingly open-minded journalism.

Subscribed to The Week? Register your account with the same email as your subscription.