With social media firms being under scrutiny for their approach to user privacy, you’d think Silicon Valley would be sure to dot every i and cross every t, but that’s just not how tech works.
Twitter today announced via blog post that it had made a small goof with regard to user security.
“We mask passwords through a process called hashing using a function known as bcrypt, which replaces the actual password with a random set of numbers and letters that are stored in Twitter’s system. This allows our systems to validate your account credentials without revealing your password. This is an industry standard,” the firm explained. “Due to a bug, passwords were written to an internal log before completing the hashing process. We found this error ourselves, removed the passwords, and are implementing plans to prevent this bug from happening again.”
In practice, most people are probably safe, as Twitter says it did not detect any breach. (Note that not detecting a breach is distinct from no breach having occurred, and it does not preclude people from suspecting a breach occurred and accusing Twitter of a cover-up regardless.)
That being said, should you want to ensure that you really are safe, Twitter recommends changing your password not just for Twitter, but for any service where you use the same credentials. The firm also recommends that users use a password manager and enable two-factor authentication (2FA) where possible.
Like we said, you’re probably safe, but there’s no harm in making certain.
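For developers wondering how a password ends up in a log "before completing the hashing process," here is a small Python sketch of that class of bug next to one common mitigation, a logging filter that redacts sensitive fields. It is an added example, not Twitter's code: the field names, logger names and sample signup are constructed, and PBKDF2 from the standard library stands in for bcrypt.

```python
import hashlib
import io
import logging
import os

SENSITIVE_KEYS = {"password", "new_password"}  # assumed form field names

class RedactSecrets(logging.Filter):
    """Mask sensitive values in dict-style log arguments before handlers run."""
    def filter(self, record):
        if isinstance(record.args, dict):
            # Build a new dict so the caller's form data is left untouched.
            record.args = {k: "[REDACTED]" if k in SENSITIVE_KEYS else v
                           for k, v in record.args.items()}
        return True

def hash_password(password, salt):
    # PBKDF2 stands in for bcrypt, which is not in the standard library.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

def handle_signup(form, logger):
    # The request is logged before hashing: the pattern behind this kind of bug.
    logger.info("signup request: %s", form)
    salt = os.urandom(16)
    return salt, hash_password(form["password"], salt)

def run(redact):
    """Process one constructed signup and return the captured log text."""
    stream = io.StringIO()
    logger = logging.getLogger("signup.redacted" if redact else "signup.raw")
    logger.setLevel(logging.INFO)
    logger.propagate = False
    logger.handlers = [logging.StreamHandler(stream)]
    logger.filters = [RedactSecrets()] if redact else []
    # Constructed sample input.
    form = {"username": "alice", "password": "correct horse battery staple"}
    handle_signup(form, logger)
    return stream.getvalue()

if __name__ == "__main__":
    print(run(redact=False), run(redact=True), sep="")
```

The filter only catches values passed to the logger as a dict; a password already interpolated into the message string would still be written, so the safer habit is to never hand raw credential fields to a logging call at all.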