Twitter Is Telling All of its Users to Change Their Passwords

If you came to this article from Twitter—stop reading. Go to your settings and change your password. (And then come back.)

Twitter announced May 3, that the passwords of every account—all 336 million of them—had been exposed in an internal log. There’s no indication that anyone’s passwords have been stolen or misused, but in the interest of safety, Twitter is recommending everyone change their passwords.

We recently found a bug that stored passwords unmasked in an internal log. We fixed the bug and have no indication of a breach or misuse by anyone. As a precaution, consider changing your password on all services where you’ve used this password. https://t.co/RyEDvQOTaZ

— Twitter Support (@TwitterSupport) May 3, 2018

Twitter said the security system it uses to encode and safeguard users’ passwords is an “industry standard.” It blamed the issue on an internal bug that revealed the passwords, for some reason, as plain text. The company also recommended enabling two-factor authentication on all accounts, which is generally a good idea.

The company’s stock price briefly sank in after-hours trading, but has leveled out, down about 1% to $30.30 at the time of publishing.