However, the company has advised its 336 million users to change their password for all services where they have used the password including Twiter. According to a post on the social network's official blog, a pretty big mix up left passwords of the site's 330 million users in plain text. Twitter's calling it a "bug", but it was seemingly a flaw in the way the firm logged passwords.
'Out of an abundance of caution, we ask that you consider changing your password on all services where you've used this password'. Unfortunately, many users ran into errors when attempting to change passwords.
"We are very sorry this happened", Twitter said.
If you want to take your security to the next level - and you probably should - you may want to look into enabling two-factor authentication for your sensitive accounts. "We recognize and appreciate the trust you place in us, and are committed to earning that trust every day", Agrawal went on to say. The company told users that it's "implementing plans to prevent this bug from happening again". Though the corporate stated there is no such thing as a proof passwords have been leaked or misused, it's urging its customers to replace their passwords.
Twitter stated in a post on its official blog that it had fixed the misconception and that it believed that no passwords were ruptured or misused. This log would remain in the system even after hashing was complete and was accessible to Twitter employees.
Independent security expert Graham Cluley said: "It's quite encouraging that Twitter both found the problem internally, and informed its users quickly and transparently".
Simply put, instead of jumbling up your password's characters or encrypting them, this particular log was available to view in plain text.
In a statement from Twitter's Chief Technical Officer Parag Agrawal, the company explained the security issue. Click on that and you should see the screen shown in Figure A.
The modification in password can be done on opening the Twitter app or website.
Spare us the theatrics of protesting that you don't reuse log-in information.