App image

Twitter discloses password exploit bug, recommends password change

Published 5/4/2018 by IanDorfman

Twitter has fixed a bug that caused users' passwords to be stored on its servers without any encryption.

In a blog post by Parag Agrawal, Twitter's Chief Technical Officer, the company has disclosed a bug that caused passwords to be stored in plaintext format without any encryption within internal logging. The social network did not disclose how many users were potentially impacted by this bug, but did recommend users change their passwords as a precautionary measure both on Twitter and other sites where users might have the same password.

Agrawal claims that Small Twitter iconTwitter has "no reason to believe password information ever left Twitter’s systems or was misused by anyone," though this is not a definitive assertion that the information was not stolen or otherwise accessed. He also recommends utilizing two-factor authentication and a password manager (such as Small LastPass iconLastPass and Small KeePass iconKeePass) for users to further safeguard their profiles.

Twitter on HyperVTX