Twitter urges users to change passwords after bug discovery

By Pascal Oparada

If you got one of those pop-up messages when going through your Twitter timelines urging you to change your password ‘out of the abundance of caution’ then your account is among those which might have been compromised, probably.

 Users were alerted Thursday and Friday about possible password bug by the social network, urging them to change their passwords – just in case.

 The app sent a message to users alerting them to the presence of a bug which, according to them, have been fixed.

 “When you set your password for your Twitter account, we use technology that masks it so that no one at the company can see it.

 We recently identified a bug that stored passwords unmasked in an internal log. We have fixed the bug, and our investigation shows no indication of breach or misuse by anyone.

 Out of an abundance of caution, we ask that you consider changing your password on all services where you have used this password”, the statement read.

 In a blog post, Twitter Chief Technology Officer Parag Agrawal wrote that Twitter uses the bcrypt hashing function, based on Bruce Schneier’s Blowfish encryption algorithm, to store mathematical representations of passwords. “This allows our systems to validate your account credentials without revealing your password,” Agrawal noted. “This is an industry standard.”

But because of a coding bug, Agrawal explained, “passwords were written to an internal log before completing the hashing process. We found this error ourselves, removed the passwords, and are implementing plans to prevent this bug from happening again.