Twitter Password Vulnerability

Reported: 4th May 2018

Twitter advised its 336 million users yesterday (Thursday) to change their passwords after it discovered that it had mistakenly stored them internally prior to fortifying them through a security technique, leaving the passwords vulnerable to hackers.

Parag Agrawal, Twitter’s chief technology officer, wrote in a blog post that users should also consider changing their passwords on other services if the passwords they used there were the same as on Twitter. The company also disclosed the password flaw in a regulatory filing on Thursday, indicating that the bug was serious enough to warrant more formal disclosure than a corporate blog post. Twitter has about 336 million users, according to its latest letter to shareholders.

Twitter CEO Jack Dorsey followed Agrawal’s post by tweeting that the company has “no indication of breach or misuse.” He added that the company warned users because “it’s important for us to be open about this internal defect.”

Twitter did not say how many passwords were affected, but it is understood the number was "substantial" and that they were exposed for "several months". Twitter discovered the bug a few weeks ago and has reported it to some regulators, an insider said.

To change your password

Go to your Twitter account settings page, click password, enter your current password, and enter a new one. Remember to use a strong password. Don’t use a password you’ve used somewhere else. (And if you’ve used your Twitter password elsewhere, you’ll want to change it on those services, too.)

Further Reading: Creating Strong Passwords