A bug was discovered in Twitter’s internal computer system that unintentionally exposed user passwords by storing them unmasked in an internal log.
Twitter disclosed the issue yesterday in an official blog post and in a series of Tweets from Twitter Support.
Twitter hashes passwords using a function known as bcrypt. It replaces the actual password with a random set of numbers and letters, and that value is what gets stored inside their computer systems. This allows the social media company to validate users’ credentials without exposing the actual passwords, so that even Twitter employees can’t see them.
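An added example, not from Twitter or the original article: hashing protects the stored password, but it does nothing for a plaintext copy written to a log, so a common backstop is a logging filter that masks credential fields at the sink. The field names, logger name and sample events below are assumptions constructed for illustration.

```python
import logging
import re

# Assumed field names; extend with whatever keys your application uses.
SENSITIVE_KEYS = ("password", "passwd", "new_password", "current_password")
MASK = "[REDACTED]"

# Matches key=value, key: value and "key": "value" in an already formatted message.
_PATTERN = re.compile(
    r'(["\']?\b(?:%s)\b["\']?\s*[=:]\s*)("[^"]*"|\'[^\']*\'|[^\s,&;}]+)'
    % "|".join(map(re.escape, SENSITIVE_KEYS)),
    re.IGNORECASE,
)


def redact(text):
    """Replace the value of any sensitive key with MASK, keeping the key."""
    return _PATTERN.sub(lambda m: m.group(1) + MASK, text)


class RedactSecretsFilter(logging.Filter):
    """Redacts the fully formatted message, so secrets passed as args are covered."""
    def filter(self, record):
        record.msg = redact(record.getMessage())
        record.args = None  # message is already formatted
        return True


class ListHandler(logging.Handler):
    """Collects formatted lines in memory; stands in for a file or log shipper."""
    def __init__(self):
        super().__init__()
        self.lines = []

    def emit(self, record):
        self.lines.append(self.format(record))


def demo():
    logger = logging.getLogger("auth-demo")
    logger.setLevel(logging.DEBUG)
    logger.propagate = False
    handler = ListHandler()
    handler.addFilter(RedactSecretsFilter())  # on the handler: applies at the sink
    logger.handlers = [handler]
    # Constructed sample events: a request body and a key=value line.
    logger.debug("signup body: %s", '{"user": "alice", "password": "hunter2!"}')
    logger.info("login attempt user=%s password=%s", "bob", "s3cr3t-pw")
    return handler.lines
```

Pattern-based masking is only a backstop: an unquoted value containing spaces or delimiters is masked only up to the first one, so the primary control remains never passing credential fields to the logger.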
When the bug was discovered, an internal investigation was conducted right away, and it found no indication that the bug was exploited or was caused by an insider breach.
“We found this error ourselves, removed the passwords, and are implementing plans to prevent this bug from happening again. We are very sorry this happened. We recognize and appreciate the trust you place in us, and are committed to earning that trust every day,” Twitter CTO Parag Agrawal said.
With this in mind, consider changing your Twitter password and enabling 2-factor authentication, just to be on the safe side.