Right on the heels of social media giant Facebook is Twitter, with a jaw-dropping 336 million users on its platform. The microblogging site is popular with celebrities, politicians and the who’s who of the world. One would assume that the security of the company’s systems is top-notch, but it turns out that there was, in fact, a bug that stored passwords in plain text in Twitter’s internal systems.
Twitter stated that it has patched the issue and has discovered “no indication of breach or misuse”, though it suggested that users change their passwords on the website and other services as a precaution.
We recently found a bug that stored passwords unmasked in an internal log. We fixed the bug and have no indication of a breach or misuse by anyone. As a precaution, consider changing your password on all services where you’ve used this password. https://t.co/RyEDvQOTaZ — Twitter Support (@TwitterSupport) May 3, 2018
“We are very sorry this happened,” said Twitter’s chief technology officer, Parag Agrawal, in a post. “We recognise and appreciate the trust you place in us, and are committed to earning that trust every day.”
Companies typically store passwords in a form that cannot be read back. At Twitter, passwords are hashed, which means that the original characters of the password are replaced by a set of seemingly random characters.
“This allows our systems to validate your account credentials without revealing your password,” Agrawal said, adding, “This is an industry standard.”
Because of the bug, passwords were written to an internal log before the hashing process was completed. This development comes as lawmakers in several countries are scrutinising how companies store users’ data, after a number of security incidents at Facebook, Equifax and Uber Technologies.
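The failure described above, as an added illustration that is not Twitter's code: a signup handler logs the request before hashing, so the plaintext reaches the log, and a logging filter masks the field before any handler sees it. The field names, the logger names and the use of PBKDF2 as the hash are assumptions; the article does not name Twitter's algorithm or logging stack.

```python
import hashlib, hmac, logging, os

SENSITIVE_KEYS = {"password"}  # assumed form-field name

def hash_password(password, salt=None):
    """Salted PBKDF2-HMAC-SHA256 (a stand-in; the article names no algorithm)."""
    salt = salt or os.urandom(16)
    return salt, hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 600_000)

def verify_password(password, salt, digest):
    """Re-derive from the candidate and compare in constant time."""
    return hmac.compare_digest(hash_password(password, salt)[1], digest)

class RedactSecrets(logging.Filter):
    """Mask sensitive fields in dict-style log arguments before formatting."""
    def filter(self, record):
        if isinstance(record.args, dict):
            record.args = {k: "[REDACTED]" if k in SENSITIVE_KEYS else v
                           for k, v in record.args.items()}
        return True

class ListHandler(logging.Handler):
    """Collects log lines in memory, standing in for the internal log."""
    def __init__(self):
        super().__init__()
        self.lines = []
    def emit(self, record):
        self.lines.append(record.getMessage())

def signup(form, logger):
    """Logs the request before hashing: the ordering the incident describes."""
    logger.info("signup user=%(username)s password=%(password)s", form)
    salt, digest = hash_password(form["password"])
    return {"username": form["username"], "salt": salt, "digest": digest}

def run_signup(form, redact):
    """Run signup on a clean logger; return (stored record, captured lines)."""
    logger = logging.getLogger(f"signup-demo-{redact}")  # hypothetical name
    logger.setLevel(logging.INFO)
    logger.propagate = False
    logger.handlers.clear()
    logger.filters.clear()
    handler = ListHandler()
    logger.addHandler(handler)
    if redact:
        logger.addFilter(RedactSecrets())
    return signup(form, logger), handler.lines

if __name__ == "__main__":
    form = {"username": "alice", "password": "correct horse"}  # constructed input
    for redact in (False, True):
        print("redact =", redact, run_signup(form, redact)[1])
```

The filter is a safety net for structured log calls only; a password interpolated into the message string before logging would pass through it unchanged.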