Twitter Bug Left Private Data of Android Users Exposed for Over 5 Years
Last updated September 21, 2021
Twitter users may need to take some precautions after the company sent an urgent notice asking them to change their passwords. According to Twitter's Support team, developers recently found a bug that stored passwords in a plain text document on the company's internal system. The company also stated that there are no signs of a breach or misuse, but to be safe, users should change their Twitter password and, if they use the same password on any other service, change it there too.
Twitter's chief technology officer, Parag Agrawal, said that everyone at the company is very sorry for the situation, that they recognize the trust users place in the platform, and that they will keep working to earn that trust every day. Agrawal also said that users can add an extra layer of protection by enabling two-factor authentication on their Twitter accounts and by using the password manager on their devices to generate strong and unique passwords.
The Guardian says that it is good security practice for companies to keep users' passwords in a form that cannot be read. This is why Twitter uses a process called "hashing", which runs each password through a function known as "bcrypt" to mask it from anyone who sees the stored value. The password is replaced with a random-looking string of letters and numbers, and that string is what is stored in Twitter's system. Because of this particular bug, however, passwords were written to a plain text document, which made them visible on the internal system. Twitter's staff found the bug themselves, so the possibility of this error having been exploited is very low. The company is also assuring its users that this won't happen again, since it has strengthened its security system.
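The following is an added example, not Twitter's code: it shows one way a password can end up readable despite hashing (a diagnostic log line that runs before the hashing step) and a logging filter that masks the field. PBKDF2 from the Python standard library stands in for bcrypt so the example runs without extra packages; the field names, iteration count and sample form are assumptions.

```python
import hashlib
import hmac
import io
import logging
import os

SENSITIVE = {"password", "new_password"}  # assumed form field names
ITERATIONS = 200_000                      # assumed work factor for this demo

def hash_password(password):
    """Return salt || PBKDF2-HMAC-SHA256 digest; this is the only value stored."""
    salt = os.urandom(16)
    return salt + hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)

def verify_password(password, stored):
    """Recompute the digest with the stored salt and compare in constant time."""
    salt, digest = stored[:16], stored[16:]
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return hmac.compare_digest(candidate, digest)

class RedactSecrets(logging.Filter):
    """Mask sensitive keys in a dict log argument before any handler formats it."""
    def filter(self, record):
        if isinstance(record.args, dict):
            record.args = {k: "[REDACTED]" if k in SENSITIVE else v
                           for k, v in record.args.items()}
        return True

def handle_signup(form, redact):
    """Process a signup; return (captured log text, stored credential)."""
    buf = io.StringIO()
    log = logging.getLogger("signup.safe" if redact else "signup.buggy")
    log.setLevel(logging.INFO)
    log.propagate = False
    log.handlers = [logging.StreamHandler(buf)]
    log.filters = [RedactSecrets()] if redact else []
    log.info("signup request: %s", form)      # diagnostic line, runs before hashing
    stored = hash_password(form["password"])  # the database only ever sees this
    return buf.getvalue(), stored

if __name__ == "__main__":
    form = {"user": "alice", "password": "correct horse battery"}  # constructed input
    for redact in (False, True):
        text, stored = handle_signup(form, redact)
        print("redact=%s log=%r stored=%s..." % (redact, text.strip(), stored.hex()[:16]))
```

Hashing protects only the stored credential; any code path that handles the password before that step, such as request logging, needs its own control.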