Twitter recently posted a tweet recommending that all 336 million users change their passwords. Since this was a tweet, and given the nature of the platform (can you say "noise"?), it may have gone unnoticed by most of the audience it was meant for. So, for all of you who have a Twitter account, here's a quick recap.
According to Twitter, the reason for the recommendation is a "bug that Twitter discovered that saved user passwords unprotected on an internal log."
"As a precaution, consider changing your password on all services where you've used this password," the company tweeted.
The company protects user passwords via a process called hashing, which replaces the actual password with a string of random-looking characters. But the detected bug wrote the passwords in their original plain-text form to an "internal log."
The company declined to comment on when the bug was discovered, how long it had been storing passwords in this manner, and how many passwords were affected. But it reiterated that "this is not a breach."
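To make the failure mode concrete, here is an added Python example (not Twitter's code, which the page does not show) of one way a request-logging line can put a plaintext password into a log even though only the hash is stored, and how a logging filter masks it. The field names, the sample request and the use of the standard library's scrypt as the hash are assumptions made for the example.

```python
import hashlib
import hmac
import logging
import os
import re

# Form fields whose values must never be logged (field names are assumptions).
SENSITIVE = re.compile(r"(?i)\b(password|passwd|pwd)=[^&\s]+")

class RedactPasswords(logging.Filter):
    """Mask password values in a record before any handler writes it."""
    def filter(self, record):
        record.msg = SENSITIVE.sub(r"\1=[REDACTED]", record.getMessage())
        record.args = ()
        return True

class ListHandler(logging.Handler):
    """Stand-in for the internal log: collects lines in memory."""
    def __init__(self):
        super().__init__()
        self.lines = []
    def emit(self, record):
        self.lines.append(record.getMessage())

def hash_password(password, salt=None):
    """Salted scrypt hash; only (salt, digest) should ever be stored."""
    salt = salt or os.urandom(16)
    digest = hashlib.scrypt(password.encode(), salt=salt, n=2**14, r=8, p=1)
    return salt, digest

def verify_password(password, salt, digest):
    return hmac.compare_digest(hash_password(password, salt)[1], digest)

def signup(body, log):
    log.info("signup request: %s", body)  # the risky line: logs the raw body
    fields = dict(pair.split("=", 1) for pair in body.split("&"))
    return hash_password(fields["password"])

def demo():
    log = logging.getLogger("signup_demo")
    log.setLevel(logging.INFO)
    log.propagate = False
    sink = ListHandler()
    log.handlers, log.filters = [sink], []  # start clean on every call
    body = "username=alice&password=hunter2-constructed"  # constructed input
    signup(body, log)                    # no filter: plaintext reaches the log
    log.addFilter(RedactPasswords())
    salt, digest = signup(body, log)     # filter installed: value is masked
    return sink.lines, salt, digest
```

The stored value is the same in both calls (salt plus digest); only the log line differs, which is why this kind of exposure can exist alongside correct password hashing.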
Twitter is prompting users to change their passwords via a pop-up window on the site that explains the nature of the bug and links to their Settings page.
If you use Twitter (or any social media site, for that matter), it's a great practice to change your passwords on a recurring basis. While you're at it, you should add another layer of protection by turning on two-factor authentication (2FA).
As always, we recommend that you do the following for all apps and services:
- Avoid reusing the same passwords across multiple services
- Create strong, unique passwords
- Consider using a passphrase instead of a password
- Only sign in to your account from secure devices and always sign out if accessing on a non-personal device
- Enable two-factor authentication whenever possible
On a related note, if you'd like to see how your company's security precautions stack up, please download our free Cyber Security Report Card and evaluate how you're doing.
As always, please feel free to share your thoughts and experiences in the comments section below or send me an email if you'd like to chat about this or any other cyber-related issue in more depth.