Twitter shot itself in the foot recently but is working hard to get out in front of the problem. According to a recent blog post, the company experienced an issue with its hashing routine – the process that masks user passwords, making them virtually impossible to crack. The FTC has also published a post about this.
Because of the issue, user passwords were stored as plain text on an internal log file. The company found the bug on its own, conducted an investigation and found no evidence that anyone discovered the log file and appropriated it. Although they gave no indication as to how many user passwords the log file contained, they nonetheless urged all of their 330+ million users to change their passwords immediately as a safety precaution.
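The post does not say what Twitter's bug actually was, only the effect: the hashing step ran, but a copy of the plaintext password also ended up in an internal log. The following Python is an added illustration of that bug class and is not Twitter's code. It shows a constructed registration handler that logs the whole request before hashing (the defect), the same handler with sensitive fields redacted (the fix), a salted PBKDF2 hash so that only a one-way value is stored, and a small scanner a defender can run over log lines to catch unredacted password fields. The field names, the `[REDACTED]` marker and the sample request are all assumptions made for the example.

```python
import hashlib
import hmac
import os
import re
from typing import List, Optional, Tuple

# Constructed example: illustrates "password logged in plaintext before hashing",
# not Twitter's actual implementation, which the post does not describe.

PBKDF2_ITERATIONS = 600_000          # assumed work factor for PBKDF2-HMAC-SHA256
SENSITIVE_FIELDS = {"password", "passwd", "pwd"}   # assumed field names


def hash_password(password: str, salt: Optional[bytes] = None) -> str:
    """Return 'salt_hex$digest_hex'. Only this value should ever be stored."""
    salt = salt or os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"),
                                 salt, PBKDF2_ITERATIONS, dklen=32)
    return f"{salt.hex()}${digest.hex()}"


def verify_password(password: str, stored: str) -> bool:
    """Recompute the hash with the stored salt and compare in constant time."""
    salt_hex, digest_hex = stored.split("$", 1)
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"),
                                    bytes.fromhex(salt_hex), PBKDF2_ITERATIONS, dklen=32)
    return hmac.compare_digest(candidate.hex(), digest_hex)


def register_buggy(form: dict, log: List[str]) -> str:
    """Defective flow: the raw request is logged for debugging, password included."""
    log.append(f"INFO register request={form}")   # plaintext password lands in the log
    return hash_password(form["password"])


def redact(form: dict) -> dict:
    """Replace sensitive fields with a marker before anything is written to a log."""
    return {k: ("[REDACTED]" if k.lower() in SENSITIVE_FIELDS else v)
            for k, v in form.items()}


def register_fixed(form: dict, log: List[str]) -> str:
    """Corrected flow: redact first, log second, then hash."""
    log.append(f"INFO register request={redact(form)}")
    return hash_password(form["password"])


# Matches "'password': 'value'" in a Python dict repr; adapt the pattern to
# the real log format when reusing this check.
PASSWORD_FIELD = re.compile(r"'(?:password|passwd|pwd)'\s*:\s*'([^']*)'", re.IGNORECASE)


def find_leaked_passwords(log_lines: List[str]) -> List[Tuple[int, str]]:
    """Return (line_number, value) for every unredacted password field in the log."""
    hits = []
    for number, line in enumerate(log_lines, 1):
        for match in PASSWORD_FIELD.finditer(line):
            if match.group(1) != "[REDACTED]":
                hits.append((number, match.group(1)))
    return hits


if __name__ == "__main__":
    # Constructed sample request for the demonstration.
    request = {"username": "alice", "password": "hunter2"}
    buggy_log, fixed_log = [], []
    register_buggy(dict(request), buggy_log)
    register_fixed(dict(request), fixed_log)
    print("buggy log leaks:", find_leaked_passwords(buggy_log))   # [(1, 'hunter2')]
    print("fixed log leaks:", find_leaked_passwords(fixed_log))   # []
```

The point of the scanner is that hashing alone does not help if the plaintext is copied somewhere else first; a periodic check of debug and request logs for credential-shaped fields is the kind of control that would have surfaced this earlier.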
This could have been far worse for the company, had the log been discovered by a diligent security researcher, or worse still, by a hacker. Even so, it’s a fairly damaging bit of news that’s sure to cause at least some lost trust with its growing user base.
If you use Twitter, you should definitely take the company’s recommendation to heart and change your password immediately. As ever, when you do, the best thing you can do to help yourself is to be sure you’re not using the same password on Twitter as you use on other websites you frequent. That way, even if your password is compromised, the damage will be limited to your Twitter account only. We have mentioned this before in an earlier post.
An even better solution would be to use a password safe, which securely stores the passwords of the various sites you frequent. Even this step doesn’t provide bullet-proof protection, though, as password safes are by no means immune to hacking.
Diligence and vigilance are once again the keys. Keep your passwords secure and change them often.