Image by Gerd Altmann
Twitter is urging users to change their passwords after a bug caused passwords to be written unencrypted to an internal log before being masked through bcrypt hashing. The company didn’t release details about how many of the 330 million active Twitter accounts were affected.
Although Twitter said that it found the error on its own and that its investigation failed to turn up any indication of a breach or misuse, the company suggests that you should still change your password. If you used that password on any other Web sites, change it there too. Situations like this show why reusing passwords is a bad idea—rely on a password manager so every site can have a unique strong password.
Enabling two-factor authentication would also protect your account even if your password was compromised. Given the trouble that someone could cause for you if they had access to your Twitter account, we recommend two-factor authentication for Twitter more than for many other Internet services.