Twitter password drama: time to change your passwords

Time to update your passwords folks.  Twitter has announced this morning that they’ve discovered a “bug” in their system which had every single twitter account password stored in plain text unencrypted.

When you create a password on any service, it is normally stored in a format that at a glance is not your actual password. It’s a process called “Hashing” which allows the system to authenticate you, but doesn’t allow – for example – a system engineer to look at the database and see everyone’s passwords.

Turns out, Twitter had a log file on a computer where all the user passwords were stored in plain text, before the hashing process.

Ooops.  That’s not a bug, it’s a programming mistake.

And while no dates have been revealed as part of the statement, we can assume that every single account for all time has been part of this “bug”

Stupidly, Twitter’s Chief Technology Officer (CTO) Parag Agrawal tweeted that the company “didn’t have to” reveal this:

Likely after much outrage, he corrected himself in a small way:

Bottom line, there’s no evidence your password has been obtained by any external party – but – there’s no way they will ever know if a rogue employee took a copy of them all.

As a precaution – change your password.  On Twitter, and on any other site where you used that same password.