Twitter is encouraging all of its 330+ million users to change their passwords. The company announced that they recently discovered a bug which affected their hashing of user passwords. The bug allowed for an unspecified number of user passwords to be recorded in plain text to an internal log prior to hashing. Twitter claims they did not find evidence that this error led to user passwords being misused, but is urging users to change their passwords anyway out of an abundance of caution.
If you are a Twitter user, we strongly recommend that you follow the company’s advice and do the following:
- Change your password on Twitter and on any other service where you may have used the same password.
- Use a strong password that you don’t reuse on other websites. (Our password generator can create a strong password as long as 512 characters)
- Enable login verification, also known as two factor authentication (2FA). This is the single best action you can take to increase your account security.
- Use a password manager to make sure you’re using strong, unique passwords everywhere.