Skip to content

Twitter Advises All Users to Change Password

Internal bug exposed hundreds of millions of plain text passwords

twitter's logo on a smart phone


After an internal bug exposed plain text passwords, Twitter is advising all of its users to update their login information.

If you’re a Twitter user, you need to change your password. Like, now.

The company announced last night that the passwords for its users — yes, all 336 million of them — had been stored “unmasked” in an internal database. That means that passwords were stored as plain text, with no encryption. Twitter says it recently discovered the bug and that passwords were never exposed to or accessed by any sources outside the company.

Still, it’s advising users to update their passwords. With so many scammers attempting to access all sorts of online accounts, it’s never a bad idea to change your password every so often. So consider this nudge from Twitter as a reminder of that internet-age maxim — and use it as an opportunity to upgrade your account login to a two-factor authentication method, if you haven’t already. Two-factor authentication (Twitter calls it “login verification” in its settings) means you’ll be sent a verification code via text or email each time you log in to the site.

“This is the single best action you can take to increase your account security,” Twitter wrote in a blog post describing the password situation.

Here’s how to change your Twitter password:

  1. Log on with your current username and password.
  2. Click on your profile image in the top right corner and choose Settings and Privacy from the drop-down menu.
  3. On the left side, click Password.
  4. Enter your current password and then enter your new password. You’ll need to confirm your new password by entering it twice.

Here’s how to enable login verification:

  1. Click on your profile image in the top right corner and choose Settings and Privacy from the drop-down menu.
  2. Under Security section on the main settings and privacy page, click Set Up Login Verification.
  3. You’ll be asked to enter your password again.
  4. You’ll be asked to give your cellphone number so that you can receive a code via text message each time you sign in to Twitter.

For added security, it’s also advisable to enable password reset verification by clicking the box on the main Privacy and Settings page that says “Require personal information to reset password." This simply means that in order to change your password at any time you’ll need to provide personal information, and doing so adds a further layer of protection against hackers.

Join the Discussion

0 | Add Yours

Please leave your comment below.

You must be logged in to leave a comment.