The microblogging site Twitter is advising its 336 million users to change their account passwords immediately. The reason: a bug in its systems exposed passwords in plain text.
According to a blog post, the bug (now fixed) existed in the hashing process that secures account passwords by replacing them with a string of random-looking numbers and characters.
Due to the bug, passwords were written to an internal log in plain text before the hashing process completed, practically putting them on display for an attacker.
Twitter has confirmed that it found no sign of a “data breach or misuse by anyone” during its investigation. However, it did not say how many passwords were affected by the bug or how long it took to fix after it was discovered.
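As an added illustration of this class of bug and one mitigation (example code written for this page, not Twitter's): a signup handler that logs the raw form before hashing, and a `logging` filter that redacts password fields before a handler writes the record. The field names, the sample credentials and the PBKDF2 stand-in hash are assumptions.

```python
import hashlib
import io
import logging
import os
import re

# Field names treated as secrets (an assumed list for this example).
SENSITIVE_KEYS = ("current_password", "new_password", "password", "passwd")
REDACTED = "[REDACTED]"
# key=value, key: value and "key": "value" pairs in an already formatted message.
_PAIR = re.compile(r'''(?i)(["']?(?:%s)["']?\s*[=:]\s*)(?:"[^"]*"|'[^']*'|[^\s,&}"']+)'''
                   % "|".join(SENSITIVE_KEYS))

def redact(text):
    return _PAIR.sub(lambda m: m.group(1) + REDACTED, text)

class RedactSecrets(logging.Filter):
    """Scrub secret values from a record before a handler writes it."""
    def filter(self, record):
        if isinstance(record.args, dict):  # logging unwraps a lone dict argument
            record.args = {k: REDACTED if str(k).lower() in SENSITIVE_KEYS else v
                           for k, v in record.args.items()}
        record.msg, record.args = redact(record.getMessage()), None
        return True

def hash_password(password):
    # PBKDF2 is a stand-in; the article does not name the hash function used.
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 600_000)
    return salt.hex() + "$" + digest.hex()

def handle_signup(form, log):
    # The bug class described above: the raw form reaches the log before hashing.
    log.info("signup request: %s", form)
    return hash_password(form["password"])

def run_demo(with_filter):
    stream = io.StringIO()  # stands in for the internal log
    log = logging.getLogger("signup-demo-%s" % with_filter)
    log.setLevel(logging.INFO)
    log.propagate = False
    handler = logging.StreamHandler(stream)
    if with_filter:
        handler.addFilter(RedactSecrets())
    log.addHandler(handler)
    handle_signup({"username": "alice", "password": "Tr0ub4dor&3"}, log)  # constructed
    log.removeHandler(handler)
    return stream.getvalue()
```

A filter like this is a safety net at the log sink; the primary fix is still to avoid passing raw credentials to the logger at all.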
How to change your Twitter password?
To change your Twitter password, click your profile picture on the top and go to Settings and Privacy. On the left-hand side, click Password.
How to enable Two Factor Authentication on Twitter?
For an extra layer of security, you should enable two-factor authentication for your Twitter account. The microblogging site calls it Login Verification.
Setting up two-factor authentication requires a mobile number with active SMS service, so keep one at hand.
- On the Settings and privacy page, click Account.
- Now, under Security, click the Set up login verification button.
- Click Ok on the pop-up box that describes the login verification setup process.
- Next, select your country code and type your phone number. Click Send Code.
- Enter the code you received on your phone and click Submit.
Now, every time you log in to your account, you’ll have to enter the OTP. On the next screen, you can get the backup code for your account in case your phone is not around when you try to access your Twitter account.