Tuesday , October 23 2018 Ausdroid » News » Twitter bug left passwords in clear text in internal logs – or: It’s Time to change your Twitter password


Another day, another reason to make sure you use unique passwords for each site or service you use. Twitter has today announced that a bug in their software left passwords in plaintext in internal logs.

Normally, Twitter says they use industry standard hashing software bcrypt to change the passwords from clear text to ‘a random set of numbers and letters’ allowing Twitter admins to ‘validate your account credentials without revealing your password’. It seems that this wasn’t happening throughout their process though with Twitter finding that ‘an internal log’ was storing passwords in plain text.

Twitter was fast to point out that they’ve fixed the bug. The only people likely to have access to the passwords while in the logs were Twitter employees and their internal investigation showed that there’s no evidence that anyone was breached the system or misused the bug.

As a result of the bug, and despite their investigation showing that no misuse of the bug occurred, Twitter is still advising users to change their passwords. In a nod to normal human behaviour, Twitter also reminded users that if they use the same password on Twitter anywhere else, they should change that too (and use individual passwords on every site or service). Other factors users can use to offset potential security issues in the wake of this breach includes turning on 2Factor Authentication.

We’ve been saying it for a while, but we recommend using a password safe like 1Password, LastPass, Dashlane, KeePass or any of the other numerous password safes out there which offer to generate random passwords for each site.

For how to change your password on Twitter, head over to their support site now.

Source: Twitter.

Daniel Tyson   Ausdroid's Editor in Chief

Dan is a die-hard Android fan. Some might even call him a lunatic. He's been an Android user since Android was a thing, and if there's a phone that's run Android, chances are he owns it (his Nexus collection is second-to-none) or has used it.

Dan's dedication to Ausdroid is without question, and he has represented us at some of the biggest international events in our industry including Google I/O, Mobile World Congress, CES and IFA.

Join the Ausdroid Conversation

avatar
  Subscribe  
Notify of

Check Also

Modified Google Camera app lets you try Night Sight on your Pixel phone

Google’s announcement of Night Sight for the Pixel 3 at their Made by Google event …