Oh joy, another breach!
This time it’s Twitter, which just admitted to a pretty big blunder. In a new blog post, the company’s CTO, Parag Agrawal, wrote that his team “recently identified a bug that stored passwords unmasked in an internal log.” In short, there was something employees had access to that contained potentially every users’ unencrypted password (Twitter didn’t give a number for how many passwords were involved). That’s pretty nuts. Agrawal goes on: “We have fixed the bug, and our investigation shows no indication of breach or misuse by anyone.”
Twitter now recommends that you change your password, because of course you should–passwords were literally sitting in some document on the company’s servers. The bug, Twitter says, is due to its encrypting process, which allowed the passwords to be written in the internal log before they were securely hashed.
The timing of the announcement is interesting, to say the least: It was tweeted just after 4 p.m. ET, which is conveniently right after the markets close. Already, the company’s stock is dropping in after-hours trading.
All the same, it’s probably pretty important that you change your Twitter password now. You can read the full blog post here.