Twitter saved passwords unencrypted due to bug
Twitter warns that it temporarily stored passwords unencrypted in internal logs due to a bug. Although the service has no indication that the logs have been accessed by unauthorized persons, it is advised that every user should change their password.
Twitter reports discovered the bug ‘recently’. The service does not report how many passwords were stored unencrypted and how long they were in the internal logs as such. Twitter recently announced that it has a total of 267 million monthly active users.
Because Twitter has no indications that its servers have been invaded by unauthorized persons or that the logs have been misused, the service has not reset passwords. As a precautionary measure, the company recommends that users “consider” changing their passwords, even on services where they use the same password, should that be the case.
Twitter made the announcement Thursday evening. The first Thursday of May has been proclaimed by some parties as Password Day, to make people aware of having a good password policy.