You need to change your Twitter password.
Due to a “bug” in its system, some 330 million Twitter users’ passwords may have been temporarily exposed, CTO Parag Agrawal announced on the official Twitter blog on Friday morning afternoon.
Twitter says it corrected the error in its system, which left passwords viewable in plaintext rather than properly scrambled, but it is still urging all users to change their password.
We recently found a bug that stored passwords unmasked in an internal log. We fixed the bug and have no indication of a breach or misuse by anyone. As a precaution, consider changing your password on all services where you’ve used this password. https://t.co/RyEDvQOTaZ
— Twitter Support (@TwitterSupport) May 3, 2018
Agrawal explained the snafu in the blog post, writing that although Twitter protocol is to use hashing to mask passwords, a “bug” caused users’ to be “written to an internal log before completing the hashing process.” This internal log is not encrypted, and the data, unprotected by hashing, was temporarily exposed.
I’m sorry that this happened, but am proud to work at a company that puts people who use our service first.
— Parag Agrawal (@paraga) May 3, 2018
Bottom line: Go change your password. Now.