There was a bit of drama over the weekend, after a Twitter password bug was discovered. The social network announced that user credentials were stored in plain text, posing a major security issue.
Normally, any web service stores passwords on its servers in an encrypted format. When you enter your username and password, the website checks them against the stored version on the server to authenticate the sign-in.
However, according to Twitter, the bug allowed passwords to be stored unmasked in an internal log. That is, the passwords were in plain text, visible to anyone who gained access to the log. Fortunately, Twitter conducted an investigation and says that there is no indication that the bug was exploited by anyone.
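The sketch below is an added example, not Twitter's code: it shows the two controls the paragraphs above describe, storing only a salted one-way hash of the password and masking password values before a request reaches a log. PBKDF2 from the Python standard library, the iteration count, the logger name and the sample log lines are all assumptions made for illustration; the page does not name the scheme Twitter uses.

```python
import hashlib
import hmac
import io
import logging
import os
import re

# Matches password=<value> or "password": "<value>" in a log message (assumed field names).
SECRET_RE = re.compile(r'(?i)("?(?:password|passwd|pwd)"?\s*[=:]\s*)("[^"]*"|\S+)')

class MaskPasswords(logging.Filter):
    """Rewrite each record so password values never reach a handler."""
    def filter(self, record):
        record.msg = SECRET_RE.sub(r"\1***", record.getMessage())
        record.args = None  # the message is already fully formatted
        return True

def hash_password(password, salt=None):
    """Return (salt, digest); only these two values are stored, never the password."""
    salt = salt or os.urandom(16)
    return salt, hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)

def verify_password(password, salt, digest):
    """Re-hash the login attempt with the stored salt and compare in constant time."""
    return hmac.compare_digest(hash_password(password, salt)[1], digest)

def demo():
    """Log two constructed sign-up requests and return what the log received."""
    buf = io.StringIO()
    log = logging.getLogger("signup-demo")  # hypothetical logger name
    log.handlers[:] = [logging.StreamHandler(buf)]
    log.filters[:] = [MaskPasswords()]
    log.setLevel(logging.INFO)
    log.propagate = False
    log.info("signup user=%s password=%s", "alice", "hunter2")  # constructed input
    log.info('body={"user": "alice", "password": "hunter2"}')   # constructed input
    return buf.getvalue()

if __name__ == "__main__":
    print(demo())
```

Pattern-based masking only covers the field names it knows about, so it complements, rather than replaces, keeping request bodies out of logs in the first place.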
The bug has been fixed too, of course. When you log in to Twitter, or load the webpage while already logged in, you will see a message captioned “Keeping your account secure”, like in the screenshot.
Basically, this is a reminder about the Twitter password bug, so you can change the password, just in case the information has been leaked elsewhere. You will need to enter the current password, and set a new one and save it. The process also involves re-checking all apps which you may have authorized to use your Twitter account. So, if you don’t recognize an app which is there, or if you are no longer using one of those, just revoke access for the app, and you are good to go.
As an additional security measure, we suggest that users enable the 2-factor authentication which Twitter provides. You can choose between SMS-based two-step verification and 6-digit app-based verification, which can be used with apps like Authy or Google Authenticator, to secure your account further.
It is good that the Twitter password bug was officially disclosed by the company, rather than hidden.