Yesterday, May 3rd, Twitter announced that it had discovered a bug that had saved user passwords unprotected in an internal log.

Twitter has since fixed the issue, and an internal investigation has found no indication that the passwords were stolen or misused by insiders.

The company protects user passwords via a process called hashing, which replaces each password with a scrambled, irreversible value so that the actual characters are never stored. But the bug wrote the passwords in their original plain-text form to an internal log.
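As an added illustration (not Twitter's code, which is not public), here is the situation the post describes in miniature: passwords kept only as salted hashes, plus a logging filter that masks any password field so a stray log call cannot write the plaintext to a log. The function names, log format and PBKDF2 work factor are assumptions, and the login scenario is constructed.

```python
import hashlib
import hmac
import io
import logging
import os
import re

# Added illustration, not Twitter's code. Two controls the post's bug lacked:
# credentials are stored only as salted PBKDF2 hashes, and the logging layer
# masks password fields so a careless log call cannot leak plaintext.

_SECRET_RE = re.compile(r"(password|passwd|pwd)=([^\s,;]+)", re.IGNORECASE)
_ITERATIONS = 600_000  # PBKDF2-HMAC-SHA256 work factor (assumed; tune to hardware)

def hash_password(password, salt=None):
    """Return 'pbkdf2$<salt hex>$<digest hex>' using a fresh random salt per user."""
    salt = salt or os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, _ITERATIONS)
    return f"pbkdf2${salt.hex()}${digest.hex()}"

def verify_password(password, stored):
    """Recompute the hash with the stored salt and compare in constant time."""
    _, salt_hex, digest_hex = stored.split("$")
    salt = bytes.fromhex(salt_hex)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, _ITERATIONS)
    return hmac.compare_digest(digest, bytes.fromhex(digest_hex))

class RedactSecrets(logging.Filter):
    """Fold the record's arguments into the message, then mask any password=... pair."""
    def filter(self, record):
        record.msg = _SECRET_RE.sub(r"\1=[REDACTED]", record.getMessage())
        record.args = ()
        return True

def login_and_capture_log(username, password, stored):
    """Simulate one login attempt and return the log lines it produced (constructed)."""
    buf = io.StringIO()
    handler = logging.StreamHandler(buf)
    handler.addFilter(RedactSecrets())
    log = logging.getLogger("auth.example")
    log.setLevel(logging.INFO)
    log.propagate = False
    log.addHandler(handler)
    # The same mistake as in the post: the raw request, password included, is logged.
    log.info("login attempt user=%s password=%s", username, password)
    ok = verify_password(password, stored)
    log.info("login result user=%s ok=%s", username, ok)
    log.removeHandler(handler)
    return buf.getvalue().splitlines()
```

Without the filter, the first log line would contain the plaintext password exactly as in the incident; with it, the stored record and the log both hold only non-reversible or masked values.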

More information on the issue can be found in Twitter’s Keeping Your Account Secure blog post.

Twitter is prompting users to change their passwords by displaying this pop-up window on the site that explains the nature of the bug and links to their Settings page.

As soon as possible, you should go to Twitter.com or open your Twitter app and change your Twitter password (and don’t forget to change it everywhere else it is stored as well, including any third-party apps you use with Twitter):

  1. Click on your profile picture
  2. Click on “Settings and privacy” on the drop-down menu
  3. Click on “Password” on the left
  4. Enter your current password and a new, unique password

Make sure you pick a good password — one that’s hard to guess, longer than eight characters, relatively random, and that mixes upper- and lowercase letters, numbers and symbols, according to USA Today.

Then, change your password on any other services that also used your old Twitter password. When changing your password on those other services, don’t reuse the new password you just created for Twitter; create an entirely new one, or at least a clear variation.

Password Best Practices:

  • Create strong passwords. Never use family names, pets, birthdays, “12345” or “password”. Many websites and apps will prompt you to include a combination of numbers, lowercase and uppercase letters, and symbols, and this is for good reason: the harder your password is to guess, the harder it is to crack.
  • Use unique passwords for each of your accounts. Today’s hackers are smart: if one of your passwords is compromised, there is a high chance the attacker will try it against all of your other accounts. Use different passwords to ensure your critical information across email, social media and banking apps stays protected.
  • “Forgot password” problems. Relying on the ‘forgot your password’ link as a fallback option within a webmail service or other site isn’t a wise move. The answers to the security questions used to unlock your account are often easily found on the social media profiles of you, your friends or your family, making that recovery step easy for an attacker to abuse.
  • Use a password manager. All of the above is great, but how are you supposed to remember 20 or more unique passwords? The answer is simple: a password manager. A password manager will help you create complex, strong passwords and saves them automatically so you don’t have to remember each and every one.

Our Suggested Actions:

  1. Change your Twitter password
  2. Also change the password on any other services that use that same password