Do you have a Twitter account? Well, do I have some news for you, pal! Your password – along with the passwords of 330 million other users – has very possibly been exposed.
We recently found a bug that stored passwords unmasked in an internal log. We fixed the bug and have no indication of a breach or misuse by anyone. As a precaution, consider changing your password on all services where you’ve used this password. https://t.co/RyEDvQOTaZ
— Twitter Support (@TwitterSupport) May 3, 2018
According to Twitter, an error meant that passwords were accidentally saved to a log in plaintext format before they were encrypted to normal industry standards. This means that yes, there was a file sitting somewhere on Twitter’s labyrinthine servers which had your password sitting there plain as day.
The company says they have “no reason to believe password information ever left Twitter’s systems” but are recommending that users change their passwords anyway, out of an abundance of caution. This is slightly unusual – normally a site will force a password reset in a situation like this, as LinkedIn did last year. So either Twitter is extremely confident nobody got their hands on the exposed data, or they’re just very, very concerned about the PR fallout from 330 million accounts getting a compulsory password reset prompt.
Considering the fact this is the company which let a contractor literally delete Donald Trump’s Twitter account on the way out the door on his last day, perhaps we shouldn’t have complete confidence in the former scenario.
Anyway: if you’ve got a Twitter account, it’s probably a good idea to log on and change your password. Especially if you use that password for other stuff. Go on then. I’m not your mum, but I’m mumming you on this one.
