If we learned anything from the Cambridge Analytica x Facebook scandal, it’s that nothing on the internet is safe. In a less stressful, but still annoying announcement on Thursday, Twitter cautioned its more than 330 million users to change their passwords thanks to a bug that exposed them to an internal log.
Via a blog post, Twitter CTO Parag Agrawal explained that none of the passwords appear to have been compromised, but out of “an abundance of caution,” go ahead and change it anyway.
"We mask passwords through a process called hashing using a function known as bcrypt, which replaces the actual password with a random set of numbers and letters that are stored in Twitter’s system," Agrawal wrote, explaining how Twitter's password encryption typically works. "This allows our systems to validate your account credentials without revealing your password."
This hashing process was interrupted thanks to a “bug” in the system. “Due to a bug, passwords were written to an internal log before completing the hashing process,” the post reads. “We found this error ourselves, removed the passwords, and are implementing plans to prevent this bug from happening again.”
A spokesperson from Twitter told Motherboard that this is not a breach, but rather an internal snafu that has resulted in no severe damage. There is no evidence that any passwords left Twitter’s internal system. “We are very sorry this happened,” Agrawal wrote. “We recognize and appreciate the trust you place in us, and are committed to earning that trust every day.”
So, to be on the safe side, you might want to head over to Twitter’s settings page and change that passcode, especially if you use the same password for multiple accounts.