Internal Attack On Twitter

Madison Jackson, Staff

Last week, between May 3 and 6, Twitter’s 330 million users were urged to change their passwords after some passwords were exposed in plain text on its internal network. Twitter said an error in the way the passwords were handled meant some were stored in easily readable form.

The passwords should have been put through a procedure called “hashing”, which makes them very difficult to read. The bug caused the passwords to be stored on an internal computer log before the hashing process was completed. Security experts said the way Twitter handled the potential breach was “encouraging”.

In a blog post, the social network said that once the mistake was uncovered, it carried out an internal investigation, which found no indication passwords were stolen or misused by insiders.

However, the company still urged all users to consider changing their passwords “out of an abundance of caution”.

Twitter did not say how many passwords were affected, but it is understood the number was substantial and they were exposed for several moments. Twitter discovered the bug a few weeks ago and has reported it to some regulators, an insider told Reuters.

Chief executive Jack Dorsey tweeted to say the “bug” had been fixed. “We recently discovered a bug where account passwords were being written to an internal log before completing a masking/hashing process. We’ve fixed, see no indication of breach or misuse, and believe it’s important for us to be open about this internal defect,” said Dorsey.