It’s time to change your Twitter password. Twitter started emailing users on Saturday to let them know that passwords had been inadvertently saved unmasked (in plain text) in internal system logs. This is not a security breach, but Twitter users are advised to create a new password as a precautionary measure.
When you create an account for an online service, your login information is usually masked using a process called hashing so that no one — not even employees of the company or service — can see your password. This ensures that your account is secure, even if internal systems are breached and the data is leaked or revealed in public. But Twitter slipped up by inadvertently storing passwords in plain text.
“We recently identified a bug that stored passwords unmasked in an internal log,” Twitter confirmed in a post on its blog and in emails to users on Saturday. “We have fixed the bug, and our investigation shows no indication of breach or misuse by anyone.”
A similar issue happened recently at GitHub, which, like Twitter, blamed a bug for storing some users’ passwords in plain text — also in an internal log.