Twitter Warns Users To Change Passwords After "Glitch"

The social media platform Twitter issued an urgent request to all 330 million users to change their passwords after a glitch exposed users' passwords on its internal computer system. The glitch caused some users' passwords to be stored in readable text rather than disguised by a process known as "hashing".

<blockquote class="twitter-tweet" data-lang="en"><p lang="en" dir="ltr">We recently found a bug that stored passwords unmasked in an internal log. We fixed the bug and have no indication of a breach or misuse by anyone. As a precaution, consider changing your password on all services where you’ve used this password. <a href="https://t.co/RyEDvQOTaZ">https://t.co/RyEDvQOTaZ</a></p>&mdash; Twitter Support (@TwitterSupport) <a href="https://twitter.com/TwitterSupport/status/992132808192634881?ref_src=twsrc%5Etfw">May 3, 2018</a></blockquote>

<script async src="https://platform.twitter.com/widgets.js" charset="utf-8"></script>

<blockquote class="twitter-tweet" data-lang="en"><p lang="en" dir="ltr">We recently discovered a bug where account passwords were being written to an internal log before completing a masking/hashing process. We’ve fixed, see no indication of breach or misuse, and believe it’s important for us to be open about this internal defect. <a href="https://t.co/BJezo7Gk00">https://t.co/BJezo7Gk00</a></p>&mdash; jack (@jack) <a href="https://twitter.com/jack/status/992143463356362753?ref_src=twsrc%5Etfw">May 3, 2018</a></blockquote>

<script async src="https://platform.twitter.com/widgets.js" charset="utf-8"></script>

If you logged onto Twitter Thursday you should have gotten a prompt to change your password. It is actually a quick and painless process and I was surprised with how quickly I was able to change my password. Chief Executive Jack Dorsey said in a Tweet, "We fixed the bug and have no indication of a breach or misuse by anyone. As a precaution, consider changing your password on all services where you’ve used this password."

<img src="https://media.8ch.net/file_store/1d2a13d2445543e46983d244a3f2f9635a11d366ec546ef314f23e28fab9e656.jpg" style="max-height:640px;max-width:360px;">

<span style="margin-top:15px;rgba(42,51,6,0.7);font-size:12px;">Twitter</span>

Related coverage: <a href="https://thegoldwater.com/news/24544-UK-Russian-Twitter-Bots-Backed-Labour-During-Election">UK - Russian Twitter Bots Backed Labour During Election</a>

Twitter disclosed the "glitch" in a series of Tweets on Thursday but only after they say they resolved the problem and an internal investigation had found no passwords were stolen or misused by anyone who could have had access. It would have been nice to have been informed of the breach as soon as Twitter became aware that it's users passwords were exposed instead of long after the fact. The company's Chief Technology Officer Parag Agrawal actually acted like the company telling it's users about the breach at all was a privilege.

<blockquote class="twitter-tweet" data-lang="en"><p lang="en" dir="ltr">Look at the arrogance of Twitter&#39;s Chief Technology Officer. &quot;We didn&#39;t have to&quot; tell users their passwords were stored unencripted and in plain text for employees to access. Time for CEO <a href="https://twitter.com/jack?ref_src=twsrc%5Etfw">@Jack</a> Dorsey to answer to Congress! <a href="https://twitter.com/hashtag/TwitterPasswords?src=hash&amp;ref_src=twsrc%5Etfw">#TwitterPasswords</a> <a href="https://t.co/Zx9H9kuPBv">pic.twitter.com/Zx9H9kuPBv</a></p>&mdash; Mark Dice (@MarkDice) <a href="https://twitter.com/MarkDice/status/992139313583292416?ref_src=twsrc%5Etfw">May 3, 2018</a></blockquote>

<script async src="https://platform.twitter.com/widgets.js" charset="utf-8"></script>

<blockquote class="twitter-tweet" data-lang="en"><p lang="en" dir="ltr">I should not have said we didn’t have to share. I have felt strongly that we should. My mistake. <a href="https://t.co/Cqbs1KiUWd">https://t.co/Cqbs1KiUWd</a></p>&mdash; Parag Agrawal (@paraga) <a href="https://twitter.com/paraga/status/992146630232043520?ref_src=twsrc%5Etfw">May 3, 2018</a></blockquote>

<script async src="https://platform.twitter.com/widgets.js" charset="utf-8"></script>

Agrawal later clarified his tweet and said he should not have said "we didn't have to share" and was adamant that he "felt strongly that we should". The company didn't say exactly how many passwords were exposed but a person familiar with Twitter said the number was "substantial" and that the passwords were exposed for "several months".

Related coverage: <a href="https://thegoldwater.com/news/24539-Guns-Are-So-Offensive-They-ve-Been-Replaced-With-Water-Pistols-By-Every-Major-Platform">Guns Are So "Offensive" They've Been Replaced With Water Pistols By Every Major Platform</a>

The disclosure of the password breach comes during a time where suspicions are mounting toward social media giants like Facebook and Twitter as governments around the world consider whether these companies have become too powerful and need more regulation.

Twitter settled with the U.S. Federal Trade Commission in 2010 over accusations the site had "serious lapses" in data security that let hackers access users' private data on more than one occasions. The settlement also required an audit of Twitter's data security program every other year for 10 years.

<i>On Twitter:</i>

<a href="https://twitter.com/MAGASyndicate">@MAGASyndicate</a>

Tips? Info? Send me a message!

Source: https://www.reuters.com/article/us-twitter-passwords/twitter-urges-all-users-to-change-passwords-after-glitch-idUSKBN1I42JG