Twitter is urging all its users to change their passwords immediately after a bug exposed those passwords in plain text.
Twitter says its investigation found no breach and no misuse of passwords, but it is still encouraging users to switch out of an "abundance of caution." Users are urged to change the password they use on the site, as well as anywhere else they may have used it, such as management suite TweetDeck, HootSuite, and other third-party Twitter apps.
Twitter Password Bug: What You Need To Know
Twitter explains that the bug occurred because of an issue within the hashing process, which masks passwords by replacing them with a series of random characters that are stored on Twitter's servers. As it turns out, a system flaw was saving passwords in plain text instead of protecting them with the hashing process. Twitter has since removed the plain text passwords, and it's also making sure this won't happen again.
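The failure described above, as an added example that is not Twitter's code: a sign-up path that persists the raw password before hashing, the corrected path, and a canary scan that catches the regression. The store layout and function names are hypothetical, and PBKDF2 is used only because it ships with Python; the article does not name Twitter's algorithm.

```python
import hashlib
import hmac
import os

ITERATIONS = 600_000  # assumed work factor for this example


def hash_password(password, salt=None):
    """Return (salt, digest); a fresh random salt is drawn when none is given."""
    salt = salt or os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return salt, digest


def signup_flawed(store, user, password):
    # Defect: the raw value is written out before the hashing step runs.
    store.append({"event": "signup", "user": user, "password": password})
    salt, digest = hash_password(password)
    store.append({"user": user, "salt": salt.hex(), "hash": digest.hex()})


def signup_fixed(store, user, password):
    # Only the salt and digest are ever persisted; the event omits the secret.
    salt, digest = hash_password(password)
    store.append({"event": "signup", "user": user})
    store.append({"user": user, "salt": salt.hex(), "hash": digest.hex()})


def verify(store, user, password):
    """Recompute the digest with the stored salt and compare in constant time."""
    for rec in store:
        if rec.get("user") == user and "hash" in rec:
            _, digest = hash_password(password, bytes.fromhex(rec["salt"]))
            return hmac.compare_digest(digest.hex(), rec["hash"])
    return False


def leaks_plaintext(store, canary):
    """Regression check: sign up with a known canary, then scan every written value."""
    return any(canary in str(value) for rec in store for value in rec.values())


if __name__ == "__main__":
    canary = "constructed-canary-Pw-7731"  # constructed test value
    flawed, fixed = [], []
    signup_flawed(flawed, "alice", canary)
    signup_fixed(fixed, "alice", canary)
    print("flawed path leaks:", leaks_plaintext(flawed, canary))
    print("fixed path leaks: ", leaks_plaintext(fixed, canary))
```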
"We found this error ourselves, removed the passwords, and are implementing plans to prevent this bug from happening again," Twitter said in a post.
Twitter chose not to reveal how many passwords were compromised or how long the bug had been active before discovery. However, asking all of its 330 million users to change their passwords definitely sends a huge message about how serious the situation is, regardless of whether it has been dealt with, as Twitter claims.
Perhaps more information will surface in the next few days. In the meantime, Twitter recommends that users change their passwords, enable login verification or two-factor authentication, or best of all, use a password manager, which makes logging in to different services more convenient, not to mention more secure.
There is possibly no worse time for tech companies to get embroiled in data privacy scandals than at present, what with Facebook's messy and highly public Cambridge Analytica data scandal, which ended up forcing CEO Mark Zuckerberg to testify before the U.S. Congress, among other outcomes, such as the company choosing to delay the release of its smart speakers in the United States to avoid ruffling any more feathers over data privacy.
Depending on how bad Twitter's password bug is, the company might have more explaining to do in the coming days. For now, it's best to follow its recommendations. Change your passwords, people.