Twitter users received a security alert letter from the social network on May 4, saying that the company detected a software bug that led to user passwords being recorded in the journal in unencrypted form. Twitter has reassured its users that according to their information, no one obtained access to that journal, but has still asked users to change their passwords.
The social network hasn't specified for how long that bug has been in existence, but a Reuters source familiar with the company claimed it was there for several months.
One thing missing from Twitter's security email: How "recently"? (i.e. how long were these logs kicking around). I don't often enter password in the clear as browser is authed. Assuming they blanket-alerted all users?— 𝕋𝕚𝕞 𝕎 (@timwhitlock) 4 мая 2018 г.
Twitterians reacted differently on the news, with most of them urging their friends to follow the advice and change passwords and thanking the company for coming forward with the problem, not waiting for whistleblowers to do the job.
A'ite, due diligence done. Revoked all of my Twitter logins and reset my password. Took ~30 seconds. Go do the same y'all!— Steve Wright (@ste_wr) 4 мая 2018 г.
Did anyone actually change their twitter password?— Adeeb (@Adeeb_PawsUp) 4 мая 2018 г.
Twitter is asking you to change your password, the good news is I don't even know my old password 🤷🏻♀️— Orla Cassley (@orfala_cass) 4 мая 2018 г.
However, some people were skeptical about the news and slammed the company for making such a sloppy mistake.
Can anybody trust twitter about this password thing??— Liam Lavery (@llavery88) 4 мая 2018 г.
Jesus Christ @Twitter plain text password storage? That has always been wrong. wtf get your shit together— Etch (@etchmo) 4 мая 2018 г.
A few even went further, suggesting that company already had access to their accounts anyway (and probably would give it out to government agencies, according to some twitterians) and thus claimed there is no point in changing passwords anyway.
When you change your #Twitterpassword, please remember to tell us what your new password is. Thank you.— BND (@bundesd) 4 мая 2018 г.
That's a great question. Perhaps Jack has created the necessary backdoors for the CIA/NSA/FBI, etc so that they no longer need our passwords.— Colonial/Imperialism Unmasked ⏳ (@SeitanicXVX) 4 мая 2018 г.
The information about the security bug comes amid the ongoing scandal around Facebook, whose users' data ended up in hands of Cambridge Analytica. The latter might have used the data to sway voters' mood in various elections. Currently, the UK is investigating the alleged use of this data to affect the Brexit referendum vote.