Twitter revealed on May 3, 2018 that the company stored user passwords in plain text for a considerable amount of time. The company patched the issue and investigated potential breaches but concluded that there was "no indication of breach or misuse by anyone".
User passwords were "written to an internal log before completing the hashing process". While Twitter's investigation did not find indicators for abuse, it recommends that all Twitter users change account passwords and implement additional security protections if not activated already on the account.
This guide walks you through the steps of changing the Twitter account password. It furthermore points to additional security protections that you may want to enable on the account to improve security significantly.
Complete the following steps to change your Twitter account password:
Twitter checks if apps are linked to the account and suggests to review the applications. It is recommended that you do so as you may want to revoke access to any application which you don't use anymore.
While changing the password is all that is required to protect the account from potential abuse of Twitter's faux pas, you may want to consider enabling login verification on top of that.
Login verification is a two-factor authentication scheme that adds a second verification step to the login on Twitter.
Note: Twitter sends SMS with codes to your phone when you sign in and you need to type the code to authenticate. It is required that you link the Twitter account to a phone because of that.
Here is how you enable the option:
When you sign in to Twitter after setting up login verification, you start the process as usual but are asked to enter the code sent to your mobile phone in a second login verification step.
Now You: Do you use Twitter actively?
Ghacks is a technology news blog that was founded in 2005 by Martin Brinkmann. It has since then become one of the most popular tech news sites on the Internet with five authors and regular contributions from freelance writers.