No big deal, just Twitter reporting that a bug may have exposed user passwords and suggesting, just to be safe, “consider changing your password on all services where you’ve used this password”:
We recently found a bug that stored passwords unmasked in an internal log. We fixed the bug and have no indication of a breach or misuse by anyone. As a precaution, consider changing your password on all services where you’ve used this password. https://t.co/RyEDvQOTaZ
— Twitter Support (@TwitterSupport) May 3, 2018
That means it’s a good idea to change your password on any account — email, Facebook, Amazon, etc. — that uses the same user ID and password as your Twitter account as hackers will get the login information for one and try on others.
According to reports, this affects all of Twitter’s 330 million+ users:
#BREAKING: Twitter announces it accidentally stored passwords unsecured on an internal system, recommends all 330 million+ users change their passwords https://t.co/a5xHIigonh pic.twitter.com/YQ6gX69OJ3
— CBS Los Angeles (@CBSLA) May 3, 2018
Twitter CEO Jack Dorsey tweeted that the company sees “no indication of breach or misuse,” which is good news:
We recently discovered a bug where account passwords were being written to an internal log before completing a masking/hashing process. We’ve fixed, see no indication of breach or misuse, and believe it’s important for us to be open about this internal defect. https://t.co/BJezo7Gk00
— jack (@jack) May 3, 2018
But the company’s CEO, Parag Agrawal, raised eyebrows when he tweeted that Twitter “didn’t have to” reveal its blunder to the public:
We are sharing this information to help people make an informed decision about their account security. We didn’t have to, but believe it’s the right thing to do. https://t.co/yVKOqnlITA
— Parag Agrawal (@paraga) May 3, 2018
Yeah, that didn’t fly with many:
“We didn’t have to tell you” that 330 million passwords were available to read in plain text is a hell of a take from the CTO https://t.co/JXkphDlrVG
— Casey Newton (@CaseyNewton) May 3, 2018
“We didn’t have to.” What magnanimity. https://t.co/ZhtknJrQy6
— Chuck Wendig (@ChuckWendig) May 3, 2018
Jfc, my dude.
— Molly Knight (@molly_knight) May 3, 2018
“We didn’t have to?” Nah, you really did. Thanks for the heads up. https://t.co/vapj2p5nD1
— Scott Hanselman (@shanselman) May 3, 2018
Didn’t have to share? What!?
— Ned Pyle (@NerdPyle) May 3, 2018
"We didn't have to not kick these puppies, but we believe it's the right thing to do." https://t.co/IDTPsdje3r
— Cassandra, Pudgy Nobody (@ChrisWarcraft) May 3, 2018
Agrawal quickly corrected himself:
I should not have said we didn’t have to share. I have felt strongly that we should. My mistake. https://t.co/Cqbs1KiUWd
— Parag Agrawal (@paraga) May 3, 2018
And Dorsey threw him a lifeline:
Openly admitting our mistakes quickly, learning, and moving on. I love my teammates. https://t.co/pn9sgUf1Op
— jack (@jack) May 3, 2018
The stock fell in after-hours trading on the news:
Shares of Twitter fall nearly 3% after-hours; Reuters reports that the social network has recently reported a "password storage glitch" to regulators. https://t.co/dj2DfzDb2l pic.twitter.com/XN5bDM1YFb
— CNBC Now (@CNBCnow) May 3, 2018
Join the conversation as a VIP Member