Twitter is suggesting that users of the social media service change their passwords due to a security bug. The trouble with this is that many users are likely to use the same password for multiple accounts which will mean changing them all… and of course using the same password for multiple services is a bad idea and you shouldn’t really do it, but memory being what it is users go for ease over complexity every time.
“Out of an abundance of caution, we ask that you consider changing your password on all services where you’ve used this password.”
Twitter says that they recently identified a bug that stored passwords unmasked in an internal log, normally they are masked so that no one within twitter can see the password you use using bcrypt, which replaces the actual password with a random set of numbers and letters that are stored in Twitter’s system.
Twotter found this error themselves, removed the passwords, and are implementing plans to prevent this bug from happening again. They could probably have covered it up and kept quite, but of course as a responsible company they’re informing all users. They urge users to consider changing their passwords even though they’re certain that the unhashed passwords weren’t accessed and have now been secured.
