Twitter warns users to change passwords after accidentally ‘unmasking’ them in an internal log [Update]


Just minutes ago, Twitter’s official support channel posted a tweet stating that users may want to change their passwords as a precautionary measure.

The tweet didn’t dive into much detail, but a blog post that accompanied it revealed that developers found a bug that stored passwords “unmasked” in an internal log.

Typically, Twitter uses a hashing algorithm called bcrypt to replace the letters and numbers in your password with a nonsensical-looking string of characters that masks the real thing. Hashing allows your credentials to be used for logging in to Twitter and other services without revealing your password to developers or system admins.

Due to a bug, the passwords were written to an internal log before they were hashed, exposing the plaintext password to Twitter developers.

Twitter reports that it spotted the error itself and that it doesn’t appear to have been breached. Representatives also state that they are implementing plans to prevent this sort of thing from happening again.

While the company isn’t forcing users to change passwords at this point, it wouldn’t be a bad idea.

UPDATE May 5 2:13 PST: Twitter is now strongly urging users to change their passwords.

