Twitter Asks All Users to Change Their Password

A bug in the Twitter system caused people's passwords to be kept unmasked in an internal log.

• By Sydny Shepard
• May 07, 2018

If you haven't already changed your Twitter password, what are you waiting for?

Last week, Twitter's chief technology officers, Parag Agrawal, revealed that a bug in the Twitter system caused the passwords of users to be stored unmasked in an internal log. The social media company swears that there is "no reason to believe password information ever left Twitter's systems or was misused by anyone," it is recommending that all 336 million users change their passwords immediately.

Generally speaking, this very public notice from Twitter should be lauded for its transparency," VP, product management and strategy at Tripwire, Tim Erlin said. "Finding unmasked passwords in logs is obviously a problem, but it's hardly unique to Twitter. As an industry, we should make sure we're praising positive moves as well as criticizing the problems we all see."

Perhaps the more important piece of news here is not that Twitter is recommending its user's change passwords to their Twitter accounts, but they are recommending that users change their passwords on all other websites where the password might have been used.

"Twitter passwords being stored in plain text does not sound great but, according to the social media giant itself, there appears to be little to no risk that user credentials have made it out into the wild," security researcher at Comparitech.com, Lee Munson said. "That said, it is curious as to why Twitter would have any passwords stored in plaintext at any given moment in time when it otherwise claims all login credentials are encrypted. For that reason alone, all users of the social network should follow the company’s advice and change their passwords immediately, paying careful attention to ensure the replacement is long, complex and not used anywhere else online – a password manager would certainly be a useful tool for achieving this."

In order to change your password, go to Twitter.com and scroll over to your avatar in the upper right hand corner. Click it and navigate to "settings and privacy" on the drop-down menu. From there click, "Password" on the left. Change your information, keeping in mind password rules to protect you in the future, like creating a unique password for different accounts and implementing capitals, numbers and symbols into your password.