It is urging its users to immediately change their passwords. Their CTO bleated:
“We are sharing this information to help people make an informed decision about their account security. We didn’t have to, but believe it’s the right thing to do.” Parag Agrawal
“Didn’t have to”? What the actual? No Parag, you didn’t legally have to, but in this day and age when you make a cock-up as big as this, ’fess up to it, man!
Now, not surprisingly, Twitter has said there’s no evidence of any Naughty People getting hold of the unhashed passwords, but they would say that, wouldn’t they?
Twitter reckons it found the bug responsible for storing the passwords in a plaintext log all on its own, and it is working to make sure the same snafu doesn’t happen again. Well, that’s nice, isn’t it?
On Thursday this week, it was change your password day, and this mess is just another stark reminder not to use the same password for everything and to use strong passwords. The best idea is to use a password manager like LastPass or 1Password. I know I sound like a broken record, but this stuff is really important.
My brother (a Comp Sci PhD) went on and on about getting me to switch to 1pass for years. I went yeah yeah a lot. Then my Gmail got hacked. And because I stupidly used the same password on a lot of services, I had a panic-filled half day going through everything to make sure I was safe. If I had been using 1pass since he told me to, I wouldn’t have had the issue in the first place. I was lucky: no real harm happened to me aside from a spammer getting my address book, but it could have been a lot, lot worse. So, learn from my mistake and start using a password manager. Now.