You should probably change your Twitter password right now, according to the company.
On Thursday afternoon, Twitter Support tweeted that an internal bug left stored Twitter passwords “unmasked” in an internal log. “We fixed the bug and have no indication of a breach or misuse by anyone,” the tweet reads. “As a precaution, consider changing your password on all services where you’ve used this password.”
In a blog detailing what caused this privacy SNAFU, Twitter CTO Parag Agrawal explained that the company stores passwords using technology that masks their actual contents.
We mask passwords through a process called hashing using a function known as bcrypt, which replaces the actual password with a random set of numbers and letters that are stored in Twitter’s system. This allows our systems to validate your account credentials without revealing your password. This is an industry standard.
The “bug,” however, has left the passwords unmasked, as Twitter itself discovered. The company says it has no reason to believe that passwords have been lifted from Twitter’s database, but seeing as they were lying naked in plain sight, so to speak, they recommend as a precaution that Twitter users — all 330 million of them — change their passwords.
Agrawal claimed the company was sharing this information with users in an effort to be transparent. “We didn’t have to, but believe it’s the right thing to do,” he said. Yes, I guess you didn’t have to, but that’s kind of a cavalier attitude to take towards user privacy, just saying.
The company also recommends changing your password on any service that uses the same password as your Twitter account.