Vulnerability: Twitter passwords stored in plain text

Twitter recently announced that the passwords of all 300+ million users were exposed because they were stored in plain text, with no encryption protecting the data.

Twitter uses a password hashing function known as “bcrypt”. Bcrypt hashes each password so that the system can validate account credentials without revealing the password itself. The culprit of the exposure was an internal bug in the bcrypt system: passwords were written to a log before the hashing process completed, and were therefore stored in plain text.
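The failure described above, a credential reaching a log before hashing finishes, can be contained at the logging layer. The following Python code is an added example, not Twitter's or Proficio's code; the field names, the `RedactSecrets` filter, the constructed signup request and the use of PBKDF2 in place of bcrypt are all assumptions.

```python
import hashlib
import io
import logging
import os
import re

# Field names treated as credentials (an assumption; extend for your own schema).
SENSITIVE = r"\w*(?:password|passwd|pwd|secret|token)\w*"
# Matches key=value, key: value and quoted "key": "value" pairs.
PAIR_RE = re.compile(
    r"(?i)([\"']?" + SENSITIVE + r"[\"']?\s*[:=]\s*)"
    r"(\"[^\"]*\"|'[^']*'|[^\s,&;}]+)"
)


class RedactSecrets(logging.Filter):
    """Scrub credential values from a record before a handler writes it."""

    def filter(self, record):
        # Render first so secrets passed as %-style args are scrubbed too.
        record.msg = PAIR_RE.sub(r"\1[REDACTED]", record.getMessage())
        record.args = None
        return True


def handle_signup(log, form):
    # The bug pattern: the raw request is logged before hashing completes.
    log.info("signup request: %s", form)
    salt = os.urandom(16)
    # PBKDF2 from the standard library stands in for bcrypt here.
    return hashlib.pbkdf2_hmac("sha256", form["password"].encode(), salt, 100_000)


def run_demo(redact):
    """Return what reaches the log sink for one constructed signup request."""
    sink = io.StringIO()
    handler = logging.StreamHandler(sink)
    if redact:
        # On the handler, so records from every logger that reaches it are covered.
        handler.addFilter(RedactSecrets())
    log = logging.getLogger("signup-demo-%s" % redact)
    log.handlers, log.propagate = [handler], False
    log.setLevel(logging.INFO)
    handle_signup(log, {"user": "alice", "password": "hunter2-constructed"})
    return sink.getvalue()


if __name__ == "__main__":
    print(run_demo(redact=False), run_demo(redact=True), sep="")
```

Redaction of this kind is a backstop; the primary fix is to keep request bodies that carry credentials out of log statements entirely.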

Twitter CTO Parag Agrawal reported that an internal investigation has already identified and fixed the error. Agrawal explained that no evidence of the passwords being misused or leaving the system had been observed.

Proficio Threat Intelligence Recommendations:

  • Change your Twitter password immediately, and change it on any other site where you may have used the same password
  • Do not reuse passwords across accounts
  • Enable two-factor authentication

