Twitter has advised their 336 million users to change their password because of an internal bug. The company claims that they use a technology which masks all the user’s passwords before storing them. Recently, a bug has been identified which is saving unmasked passwords in an internal log. Twitter has said that company has fixed the bug and an investigation ensured that no misuse occurred by anyone.
We recently found a bug that stored passwords unmasked in an internal log. We fixed the bug and have no indication of a breach or misuse by anyone. As a precaution, consider changing your password on all services where you’ve used this password. https://t.co/RyEDvQOTaZ
— Twitter Support (@TwitterSupport) May 3, 2018
However, the company has advised its 336 million users to change their password for all services where they have used the password including Twiter. Twitter uses a function called bcrypt which replace the password with some random set of numbers and letters and then it gets saved on the ecosystem. This process of masking the password before saving them called hashing using the bcrypt function.
This process allows the Twitter’s system to validate the passwords without actually revealing the password to anyone. Twitter has posted a tweet in which they stated the fixing of this bug and suggested to change the password on all services where the password has been used.
Twitter even put a skippable full-screen message on the Twitter app which states the same thing and takes you directly to the setting to change the password, or you can skip it. Twitter also said that they found the bug and they have fixed it and have taken steps to prevent it from happening any further. Twitter has also removed the passwords which were saved without masking on the Twitter ecosystem.