If you’re a Twitter user you know the power of the platform, but what if someone else accesses your account, or multiple accounts, and starts exploiting them?
That could potentially happen as Twitter admitted to a bug that affected the way the service stores passwords. Instead of being stored in cryptographic hash form, a way of masking text into a set of random characters to protect the original string, the passwords were stored in plain text format that anyone can read.
Twitter said the bug caused the passwords to be written to an internal log before they were masked. If the system is operating correctly, account credentials are accessed without actually revealing the password.
We recently found a bug that stored passwords unmasked in an internal log. We fixed the bug and have no indication of a breach or misuse by anyone. As a precaution, consider changing your password on all services where you’ve used this password. – Twitter
Twitter didn’t make it seem like the expose was critical though, and said they found the bug themselves and that their investigation “shows no indication of breach or misuse by anyone.” But, the company does ask that you “consider changing your password on all services where you’ve used [the] password.
That means if you use the same password for Twitter, Facebook, SnapChat or any other services consider changing it across the board. It’s always good to change your passwords once in a while, so maybe these leaks and bugs that happen every so often are a good reminder to do so.
Read more over at Twitter’s blog.