
ALL 330 Million Twitter Passwords Exposed

Dominique Adams



Twitter admits it accidentally stored all 330 million of its users’ passwords in plain text.

The company is asking all users to change their passwords after it mistakenly stored them in plain text in an internal log file, before the hashing process. According to Twitter, there is no evidence of any breach or misuse of this data; however, it still cautions its users to promptly change their passwords.

Users were also urged to enable the platform’s two-factor authentication service to add extra protection and to help prevent accounts from being hijacked.

As a result of the gaffe, Twitter’s share price dropped 1% in extended trade at $30.35, after gaining 0.4% during the session.

What Went Wrong?

In what Twitter describes as “standard industry practice”, it masks its users’ passwords through a process called hashing, using a function known as bcrypt. The bcrypt process replaces the actual password with a random set of numbers and letters that are then stored in Twitter’s system. By doing this, it can validate an account’s credentials without revealing the password.

However, due to a bug, users’ passwords were written to an internal log before the hashing process was completed, leaving the passwords exposed in plain text. Twitter said in a blog post that it had identified this error and removed the passwords.
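The failure mode described above, and one common guard against it, as an added example that is not Twitter's code: a signup handler logs the request before hashing, once through a plain logger and once through a handler that redacts password fields. The field names, logger names and sample form are assumptions, and PBKDF2 from the Python standard library stands in for bcrypt so the block runs without third-party packages.

```python
import hashlib
import io
import logging
import os

SENSITIVE_KEYS = {"password", "new_password"}  # assumed field names


class RedactSecrets(logging.Filter):
    """Mask sensitive fields in a dict log argument before it is formatted."""

    def filter(self, record):
        if isinstance(record.args, dict):
            record.args = {
                k: "[REDACTED]" if str(k).lower() in SENSITIVE_KEYS else v
                for k, v in record.args.items()
            }
        return True


def hash_password(password, salt=None):
    # PBKDF2 (stdlib) stands in for bcrypt here; only salt and digest are stored.
    salt = salt or os.urandom(16)
    return salt, hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


def make_logger(name, stream, redact):
    logger = logging.getLogger(name)
    logger.setLevel(logging.INFO)
    logger.propagate = False
    handler = logging.StreamHandler(stream)
    if redact:
        handler.addFilter(RedactSecrets())  # on the handler: covers every record it writes
    logger.handlers = [handler]
    return logger


def handle_signup(form, logger):
    logger.info("signup request: %s", form)  # runs before hashing, like the bug described
    salt, digest = hash_password(form["password"])
    return {"username": form["username"], "salt": salt, "hash": digest}


def demo():
    form = {"username": "alice", "password": "correct horse battery"}  # constructed
    buggy, safe = io.StringIO(), io.StringIO()
    handle_signup(form, make_logger("signup.buggy", buggy, redact=False))
    handle_signup(form, make_logger("signup.safe", safe, redact=True))
    return buggy.getvalue(), safe.getvalue()
```

The filter only catches secrets passed as a dict argument; a password already interpolated into the message string has to be kept out at the call site.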

Twitter assured users that it was implementing plans to prevent this bug happening again, adding at the end of its blog: “We are very sorry this happened. We recognize and appreciate the trust you place in us, and are committed to earning that trust every day.”

Twitter’s CTO Responds

Parag Agrawal, the Chief Technology Officer at Twitter, took to his account to respond to the incident, tweeting:

The addition of “didn’t have to,” sparked outrage amongst users who chastised him thoroughly for what they perceived as arrogance.

Agrawal responded hastily to admit his mistake:

This blunder could not have come at a worse time for the company, when other social media companies are under great scrutiny over how they store and secure their users’ data.

Recently, Twitter admitted to Bloomberg that in 2015 it granted Aleksandr Kogan’s Global Science Research, which is linked to the Facebook – Cambridge Analytica scandal, one-time API access to a random sample of public tweets from the period between December 2014 and April 2015.

More recently, Facebook, Uber, GitHub and Equifax have been publicly shamed for their lax approach to data privacy and security, which has been eroding user confidence.




Dominique Adams

Staff Writer, DIGIT
