Twitter is recommending all of its 330 million users to change their passwords at the earliest as a new software glitch has accidentally exposed its users’ passwords by storing them in readable text on its internal computer system.
Twitter has reported this issue in their official blog post and a series of tweets from Twitter Support. According to Parag Agrawal, Twitter’s CTO, Twitter hashes the users passwords using a function known as bcrypt, that replaces the actual password using a random set of numbers and letters and are stored in their systems.
The company can then easily validate their users’ credentials without disclosing their actual passwords, so that even the Twitter employees are not aware of the passwords.
Unfortunately. a software bug has caused the passwords to be written to an internal log before completing the hashing process which left the passwords exposed on the company’s internal system.
Parag reports that Twitter itself have found and resolved the problem and an internal investigation has been conducted which reported no signs of breach or passwords being stolen or misused by insiders.
He also says that the errors have been found and removed by them itself and would implement plans to prevent this bug from happening again. They are sorry for what had happened and will strive to earn the trust of its users.
Even then the company has suggested all its users to change the passwords just to be safe.
How to Reset Twitter Password
To reset your password on Twitter, first click on your Profile Picture icon given in the top-right corner, then go to Settings and Privacy → Password. Then type your current password and enter a new password. Make sure to select a password that it strong.
For the Twitter app for iOS and Android, click on your Profile Picture icon in the top-left corner, and then go to Settings and Privacy → Account → Change Password (“Password” on Android), and create a new, stronger password.
The users are also advised to change the password on all other services where they have used the same password. They should also enable two-factor authentication service on Twitter, that will provide an extra security to the account and help prevent the account from being hacked.