Change Your Passwords: Twitter Bug Exposes User Passwords

Twitter announced that a bug in their system may have exposed user passwords internally and urged all subscribers to change their account passwords. They have yet to disclose the number of affected users, but the company said they've investigated and fixed the flaw. However, insider reports claim that the issue affects a substantial number of users and that the passwords were left exposed for “several months”.

In the statement, they explained that they used hashing with bcrypt, often described as a stronger hashing algorithm that validates user accounts without revealing the password. The company did not disclose, however, why passwords have to be stored in an internal log prior to hashing. Their investigation results also showed that there were no signs of a breach or misuse of the affected accounts. However, the statement still advises users to consider changing the account password, along with those of all services where the same password was used.

Users were also informed of the issue via a pop-up upon opening the app. Twitter reportedly has 330 million users as of February, and cited that they “are implementing plans to prevent this bug from happening again.”

[Read: Best Practices: How to secure your social media accounts]

For your privacy and security, here are some recommendations in securing your social media accounts:

• Practice good password hygiene. Never reuse the same passwords or easy-to-remember ones for different social media or other online accounts, such as birthdays or dictionary words. Attackers who may get hold of your personal information or use dictionary attack could access your online accounts for malicious intent.
• Enable and set 2FA for all your online accounts. Sites and apps have readily available 2FA features and can be easily updated, and a combination of another layer for authentication is an additional line of defense considerably safer than a single factor authentication.
• Check the security and privacy settings of your online accounts. The default settings set up by platforms allow for a layer of protection for users and the companies themselves, but are made to allow for gathering relevant market information from their users. Checking and adjusting the default settings to protect your personal information may be tedious, but it's better than having your account credentials or personal information stolen or compromised.