Twitter Asks 330 Million Users to Change Their Password—What Happened?

Yesterday, Twitter disclosed a bug that left 330 million user passwords exposed in plaintext in an internal log. Twitter has been adamant that there has thus far been no breach or evidence of misuse; rather, a bug in their system meant that someone could have accessed those passwords.

Any scenario where user passwords are stored in plaintext should be taken seriously, and Twitter has been taking it seriously, notifying users across devices and mediums (on platform and over email) to urge them to change their passwords. This includes changing the password for any other services that reuses your Twitter password.

Here’s an example of Twitter notifying users on their mobile device after login:

What You Can Do To Protect Yourself

Twitter’s recommendations are as follows:

1. Change your password on Twitter and on any other service where you may have used the same password.
2. Use a strong password that you don’t reuse on other websites.
3. Enable login verification, also known as two factor authentication. This is the single best action you can take to increase your account security.
4. Use a password manager to make sure you’re using strong, unique passwords everywhere.

Do you use Dashlane? If so, things are really simple:

Thankfully, with Dashlane, you can easily update your Twitter password and ensure it is not shared across any other accounts.

1. To update your Twitter password and ensure account security, use Password Generator (instructions here) to create a strong new password for your Twitter account. 
2. To see a list of your reused passwords, you can go into your Security Dashboard, located on the left side of your Dashlane desktop app. From there you can replace passwords in one-click.
3. Dashlane users received a Security Alert for twitter.com if they had a Twitter credential saved in their Dashlane account. This is another way Dashlane makes securing your accounts quick and simple after an account has been potentially compromised.
4. If you aren’t already, you should enable two-factor authentication on all of your sensitive accounts. If you’re a Dashlane user, you can do this directly in Dashlane by following these instructions. Sensitive accounts include: your bank, email, social media, and any other accounts that store sensitive personal or payment information.

Twitter’s Proactive Approach

Twitter has been very proactive in communicating the problem and solution with its users. It’s nice to see companies take responsibility for their actions and notify users quickly and provide them with details of what happened and what steps they can take to secure their account and information.

Their blog ended with this apology: “We are very sorry this happened. We recognize and appreciate the trust you place in us, and are committed to earning that trust every day.”