Twitter Admits All Passwords Visible to Employees Due to ‘Bug’

Social media company Twitter has advised users to change their account passwords after it was discovered that a bug resulted in user passwords being stored in an insecure manner.

In a blog post titled “Keeping your account secure,” company CTO Parag Agrawal explained that the platform utilizes software that masks user passwords, preventing anyone at the company from viewing them. But due to a bug, all user passwords were stored in plaintext in an internal log. Agarwal says that they have investigated and fixed the bug and so far have found no signs of misuse or breach of user data.

Twitter uses a process called hashing and a function called “bcrypt” to replace user passwords with random numbers and letters which are stored in Twitter’s system, this is how Twitter validates all user data and is an “industry standard” according to Agrawal. Somehow, this process failed, resulting in all of the site’s 300 million users’ passwords being made visible to multiple employees working at the company.

Agrawal tweeted that Twitter “didn’t have to” alert users to the error but did so as they believed it was the “right thing to do.”

Read more