Photo: Matt Rourke (AP)
You need to change your Twitter password.
Due to a "bug" in its system, some 330 million Twitter users' passwords may have been temporarily exposed, CTO Parag Agrawal announced on the official Twitter blog Thursday afternoon.
Twitter says it corrected the error in its system, which left passwords viewable in plaintext rather than properly scrambled, but it is still urging all users to change their password.
We recently found a bug that stored passwords unmasked in an internal log. We fixed the bug and have no indication of a breach or misuse by anyone. As a precaution, consider changing your password on all services where you’ve used this password. https://t.co/RyEDvQOTaZ
— Twitter Support (@TwitterSupport) May 3, 2018
Agrawal explained the snafu in the blog post, writing that although Twitter protocol is to use hashing to mask passwords, a "bug" caused users' to be "written to an internal log before completing the hashing process."
This internal log is not encrypted, and the data, unprotected by hashing, was temporarily exposed.
I’m sorry that this happened, but am proud to work at a company that puts people who use our service first.
— Parag Agrawal (@paraga) May 3, 2018
Bottom line: Go change your password. Now.
To change your password via Twitter's website, click on your profile picture icon near the top-right corner > Settings and Privacy > Password.
Enter your current (now-exposed) password, and enter in a new, stronger password. If you're not sure how to create a strong password, read this first.
On iOS and Android, click your profile picture icon in the top-left > Settings and Privacy > Account > Password (or, on iOS, "Change password"), and go through the password-change process explained above.