After a software bug gripped Twitter, the social media giant has cautioned its 330+ million users to change their passwords. While research by Twitter revealed no support for the breach or misuse of unmarked passwords, the social media platform is recommending that users should change their passwords not just on the site itself, but also third-party apps like TweetDeck and Twitterrific.
Twitter Announces That Users’ Password Were Exposed
Twitter announced that the bug occurred due to a hashing process issues. Hashing involves masking passwords by replacing them with random character strings. However, due to an error in the system, passwords were stored in plain text on the internal logs. Twitter claimed it had discovered the bug on its own and removed the unmasked passwords. The company is working to ensure the same kind of issues doesn’t crop up again.
We recently found a bug that stored passwords unmasked in an internal log. We fixed the bug and have no indication of a breach or misuse by anyone. As a precaution, consider changing your password on all services where you’ve used this password. https://t.co/RyEDvQOTaZ
— Twitter Support (@TwitterSupport) May 3, 2018
Twitter has not shared how many passwords could have been possibly compromised. What’s important is that the company has requested all the users to change their passwords. This suggests there seems to be a considerable number of users impacted.
Twitter has added a warning on its mobile apps, asking users to change passwords:
Keeping your Twitter Account Secure
When you set a password for your Twitter account, we use technology that masks it so no one at the company can see it. We recently identified a bug that stored passwords unmasked in an internal log. We have fixed the bug, and our investigations show no indication of a breach or misuse by anyone.
Out of an abundance of caution, we ask that you consider changing your password on all services where you’ve used this password.
Twitter CTO Parag Agrawal tweeted his apologies for the leak after the announcement was posted. He disclosed that Twitter has shared this information “to help people make an informed decision” regarding their account’s security. While he said they “didn’t have to, but believe it’s the right thing to do,” this has raised many eyebrows.
This Twitter disclosure ironically was made on the World Password Day! On a more serious note, even if there’s no indication for an actual breach, this bug reinforces the need for basic security hygiene and serves as a good reminder for it.
Consequently, it’s worth spending a few moments to consider how your passwords are set. Consider moving to a password manager and always use different passwords across services. In this way, when leaks take place, the worst damage can be avoided.
Using unique passwords for every service is easy with a password manager, as the latter helps you to track them all.
Stay Safe And Take These Steps
While the long-term and complete implications of the password leak are not clear, and neither is the number of users affected directly, there is no harm in acting immediately.
CEO of TrustedSec, a penetration testing company held that it was a “bad thing and Twitter should be held to the fire for it” but the social media channel is taking all the “right steps” by urging people to change passwords and announcing the bug, rather than concealing it.
Taking the initiative, Twitter has notified desktop and mobile users to switch their passwords. So, here’s what you need to do.
How To Change My Twitter Password
Visit Twitter and click the profile image located to top right corner. Click on Settings and Privacy and go to the Password tab. Twitter will ask for the existing password and give you the option to change it with a new one.
Make sure you enter a unique and strong password. Another thing to do is to use different passwords across all online accounts, apps, and multiple services. Just to be cautious, if your old Twitter password has been used for other accounts, it should be changed there as well.
Login Verification & Two-Factor Authentication
To be safe, you need to turn on your two-factor authentication. It’s available on Twitter and some other Twitter apps. Check which other apps have access to your account. If these apps are insecure, they can offer hackers a shortcut into your account, without even cracking your password.
The two-factor authentication is a process that makes hacking passwords harder for criminals. If someone gains your username and password and tries to sign into your account, Twitter will send an SMS code to your phone to confirm. Since they will probably not have access to your phone, they’ll be unable to hack your account.
You can even choose a code generator app such as Authy or Google Authenticator. These apps generate new code after every few seconds which makes them very secure.
How to Set Up Login Verification online
- Click the profile icon. Then, click Settings and Privacy.
- Select Account and follow this by choosing Set Up Login Verification. On smartphones, there’s an additional step – click the Security section within Settings and Privacy.
- Go through the overview instructions before clicking Start.
- Click on Verify after entering your password.
- Click Send Code to add the smartphone number.
- Enter the code for verification sent to your mobile phone, and then click Submit to enable login-verification.
How to Generate Codes Using Third-Party Apps
- Tap or click the Profile icon and then select Settings and Privacy.
- Select the Account tab.
- Click the Review Your Login Verification Methods located beneath Security and right next to login verification.
- Type in your password and tap Confirm.
- You’ll find Set up next to the Mobile Security App.
- Read the instructions carefully and then press Start.
- If you are requested to Verify the password, do so.
You will then see a QR code that you will then use the app to scan and generate the Twitter login code.
Once the process is complete, the app generates a six-digit code automatically. Note that this code changes once every 30 seconds.
Enter the code currently active in the field for Security Code. Click on Done.
While Twitter might have been careless with our passwords, the good thing is that the bug was noticed before a breach happened. In any case, it’s advisable to change the password and apply two-factor authentication on your Twitter and related accounts. Follow the steps given here to stay safe on all social media accounts.