Twitter Suggests You Change Your Password After They’re “Unmasked in an Internal Log”

Do you know your Twitter password by heart? That’s great, but the problem is there may be more people than you that know it as well. The social network has announced that stored passwords were “unmasked” by a bug in an internal log.

How does this affect your account? Does this mean someone else is now in possession of your password? What can you do to protect yourself moving forward? We’ll take a look at the situation in this article and what Twitter suggests you do to protect your account.

This bug was announced in the Twitter blog. To soften the blow, Twitter initially explained that they have every intention of keeping your password safe.


Twitter uses a technology that “masks” the password you set for your Twitter account. This ensures that no one at the social network can see it and is designed to keep your account secure.

We mask passwords through a process called hashing using a function known as bcrypt,” explained the blog, “which replaces the actual password with a random set of numbers and letters that are stored in Twitter’s system. This allows our systems to validate your account credentials without revealing your password. This is an industry standard.

They found that with this bug passwords were written to an internal log before the hashing process was finished. After they found the error, they removed the passwords. They stress that it does not appear that the passwords were breached or misused at all. Yet, the folks at Twitter are working on making sure this never happens again.


Stressing that nothing seems to have been compromised, Twitter is doing everything to be sure it doesn’t happen again, and they want users to do the same. They suggest you take the following steps.

  • Change your password on Twitter itself and also on any other app or website where you used the same password.
  • Be sure to choose a strong password that is not used on other apps or websites.
  • Use two-factor authentication, also know as login verification. They believe it’s the best thing you can do to remain secure.
  • To be sure you’re using strong and unique passwords always and in all situations, use a password manager.

Twitter ends the blog saying, “We are very sorry this happened. We recognize and appreciate the trust you place in us and are committed to earning that trust every day.

They seem to have done everything they could in this situation after they found the bug. There have been services in the past who had similar or worse compromises that didn’t have full disclosure, so that much is appreciated, that they not only took care of it but were honest with users once they found it instead of hiding it. They seem to be doing everything they can to fix it and to make sure users are protected better moving forward.

What are your thoughts on this? Will this change your use of Twitter in the future? Or are password compromises becoming so commonplace that it’s no big deal anymore? Let know what you think!

Leave a Reply

Yeah! You've decided to leave a comment. That's fantastic! Check out our comment policy here. Let's have a personal and meaningful conversation.