
Twitter says bug caused user passwords to be stored in plaintext internal log

Twitter today detailed an internal bug that caused passwords to be stored unmasked in an internal log. While Twitter says that it sees no signs of breach or misuse, it’s recommending that users “consider changing” their passwords…

Twitter explains that while it usually uses hashing to protect user passwords, a bug caused passwords to be written to an internal log before the hashing process completed. It’s important to note that the people who had access to this plaintext log were Twitter employees, and the company doesn’t see any signs of wrongdoing or breach:

We mask passwords through a process called hashing using a function known as bcrypt, which replaces the actual password with a random set of numbers and letters that are stored in Twitter’s system.

Due to a bug, passwords were written to an internal log before completing the hashing process. We found this error ourselves, removed the passwords, and are implementing plans to prevent this bug from happening again.

Twitter doesn’t specify whether the bug affected everyone’s passwords, but it is recommending that all users change their password out of “an abundance of caution.” Ultimately, the company apologizes and reiterates that it is committed to earning user trust:

We are very sorry this happened. We recognize and appreciate the trust you place in us, and are committed to earning that trust every day.

Twitter’s announcement comes just a few days after GitHub revealed a similar bug that exposed some plaintext passwords.

Head to Twitter’s blog for the company’s full list of tips on account security, including login verification, using a password manager, and more.



Author

Chance Miller

Chance is the editor-in-chief of 9to5Mac, overseeing the entire site’s operations. He also hosts the 9to5Mac Daily and 9to5Mac Happy Hour podcasts.

You can send tips, questions, and typos to chance@9to5mac.com.
