Twitter Asks 330 Million Users to Change Passwords after Bug Found

Twitter is an online social networking and microblogging service that enables users to send and read "tweets", limited to 140 characters.
Twitter detected a bug that caused users’ passwords to be stored in plain text. It is now fixed, but users are advised to change their passwords.

Twitter has discovered that its systems have been storing users’ passwords in plain text instead of in hashed form.

The company has publicly disclosed the bug and has assured that there are no instances of any data being stolen or exposed to outside elements. It has requested users to change their passwords as soon as possible.

Bug Found Through Internal Audit

The blog post that Twitter published to disclose the vulnerability does not indicate how they stumbled upon this bug.

There are experts who feel they might have done an internal audit following the recent detection of a similar bug in GitHub that involved password logs appearing in plain text.

This news came out in early May, and it is definitely possible that someone at Twitter thought it wise to check whether the same thing was happening at their end as well.

In addition to sharing news of the bug to the public at large, Twitter also added a warning message that pops up when you log into your Twitter account.

Twitter is asking everybody to change their passwords mainly to eliminate any possibility that the data might have reached unwanted parties.

Data Security Still a Worry

Though sporadic in nature, the reports of such bugs and glitches, whether it is Facebook or Uber or some other major tech company, create a lot of apprehension in the minds of the users.

These companies hold information and data which may be highly personal in nature, and if this data gets into the hands of any hacker or unscrupulous person, it can wreak havoc even with international ramifications.

Take the case of Twitter. Its 330-million user base is drawn from practically every corner of the globe. With the connected world, any data theft can prove disastrous.

There are cynics who question the trustworthiness of the data protection measures put in place by these companies. The companies do not lack technology, and some of them are pioneers in their field.

Will GDPR Spur Them into Action?

Amidst these lapses by some of the better-known corporate entities in the U.S., the scenario in Europe is building up to be quite exciting, with the General Data Protection Regulation (GDPR) about to take effect.

The European Union has brought in these regulations which will not spare any such lapses on the part of the internet companies that collect personal data from the public and store them on their servers.

The public trusts these companies to have provided adequate protection for their information sitting on their systems, and that it won’t be shared unless they have given their consent.

But if the systems get hacked or if the company even inadvertently shares the data, and such instances are reported, the GDPR rules will come into force and the companies have to face severe penalties which can be as high as €20 million (roughly $24 million).

As things stand, companies cannot come up with weak excuses for such lapses, and the European Union means business when it comes to offering protection to the citizens within its jurisdiction. There’s nothing stopping many other countries from coming up with similar regulations.

As far as Twitter is concerned, it claims it has already fine-tuned its Privacy Policy to fall in compliance with GDPR.

Twitter Confirms Data Not Revealed to Anyone


Coming back to the Twitter blog post and the password security episode, it is obvious that the bug existed for some time without being detected. As explained by Twitter, when you create a password for your account, their system stores it as a mixture of letters and numbers rather than the actual text you entered. This process is known as hashing.

From what is known now, this is where the problem lay: the passwords were not converted. They stayed in the same form that the users typed in. This means that, at one level, the passwords could be read by Twitter employees who had access to the data.
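What hashing before storage looks like, and how an audit can spot stored values that skipped it, as an added example that is not Twitter's code. It assumes PBKDF2-HMAC-SHA256 from Python's standard library as the hash function and a made-up `algorithm$iterations$salt$digest` record format; every name in it is hypothetical.

```python
import base64
import hashlib
import hmac
import os

ALGO = "pbkdf2_sha256"   # assumed scheme; the article does not name Twitter's
ITERATIONS = 600_000     # assumed work factor


def _b64(raw: bytes) -> str:
    return base64.b64encode(raw).decode("ascii")


def parse_record(stored: str):
    """Return (iterations, salt, digest), or None if this is not a hash record."""
    parts = stored.split("$")
    if len(parts) != 4 or parts[0] != ALGO:
        return None
    try:
        iterations = int(parts[1])
        salt = base64.b64decode(parts[2], validate=True)
        digest = base64.b64decode(parts[3], validate=True)
    except ValueError:  # covers bad integers and bad base64
        return None
    if not 1 <= iterations <= 10_000_000 or len(salt) != 16 or len(digest) != 32:
        return None
    return iterations, salt, digest


def hash_password(password: str) -> str:
    """Derive a salted hash; only this string is ever written to storage."""
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return "$".join([ALGO, str(ITERATIONS), _b64(salt), _b64(digest)])


def verify_password(password: str, stored: str) -> bool:
    parsed = parse_record(stored)
    if parsed is None:  # refuse to compare against an unhashed value
        return False
    iterations, salt, expected = parsed
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return hmac.compare_digest(digest, expected)


def audit(records: dict) -> list:
    """Names of accounts whose stored value skipped hashing (the bug described)."""
    return [user for user, stored in records.items() if parse_record(stored) is None]
```

Run over constructed records such as `{"alice": hash_password("..."), "bob": "hunter2"}`, `audit` returns `["bob"]`, the account whose password was stored exactly as typed.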

The company says their checking of the system after they came to know about the bug has not revealed any kind of tampering. Users have to trust this in full and quickly change their passwords to feel safer.

Twitter May Not See Many Leaving

The other aspect of concern for these social media organizations is that users may desert the platform. This was seen with Facebook after the Cambridge Analytica scandal broke out earlier this year. Some ran campaigns to attract and convince others to delete the Facebook app from their devices.

But something similar may not happen with Twitter. Firstly, there may not be private information sitting inside someone’s Twitter account like it does in the case of Facebook.

Secondly, Twitter has its own strengths in instantly making your views known to millions across the world like U.S. President Donald Trump does each morning. There may not be another app with equal power in communication as Twitter.

Lastly, since it is more of a followers-driven platform, the ones leaving Twitter may be the ones to lose and not the other way around.

Twitter’s stock performance took a slight hit following the news of the bug, but it may not be a serious enough issue to bother the company. Twitter has also confirmed to its users that the bug has since been taken care of and that there is nothing to worry about in the future.

Still, Twitter has listed some steps users can take to remain safe, including enabling login verification and changing their passwords on Twitter and on other platforms that used the same password.

Finally, as a matter of safety, there is general advice to all users of computers and other devices to exercise some caution while setting passwords. There are password managers available online that can help users create passwords which cannot be easily decoded by hackers.
