Twitter is currently warning all of its 330 million users to change their passwords after it found a bug that left user details exposed on an internal system.
Unfortunately, if you use a third-party platform to access Twitter, like the now-defunct Twittelator Pro, you won't see the warning. It only appears on the original Twitter app.
The company says nobody breached the system and that it is warning users out of an “abundance of caution”, although the warning is alarming for users at a time of heightened concerns over internet privacy.
Twitter said the bug meant that passwords were stored without “hashing”, the one-way transformation that masks a stored password. While Twitter does hash user passwords, the bug meant they were also accidentally stored in plain text on an internal system, although it's not clear how many passwords were exposed in this way.
Twitter is assuring users it was not breached and that, although the passwords were exposed by the glitch, there was “no indication of breach or misuse by anyone”.
Twitter’s head of technology Parag Agrawal initially tried to play down the bug, saying the company didn’t have to share the news, but later backtracked, claiming he thought it was “the right thing to do”.
THE DANGER WITHIN
While the episode appears to have done no lasting damage to Twitter (its shares have remained steady so far), the danger to users from an internal leak is in the spotlight.
Facebook was this week revealed to have fired an employee who described himself as a “professional stalker” and used the company’s user database to search for information on Tinder matches.
Facebook even has an internal system for when an employee accesses another’s account, known as a “Sauron alert”. There is no such warning for users, prompting concerns about how much data social network employees can find on users without them knowing.