X (Twitter) — Data Breach

moderateAnti-PrivacyJun 18, 2017 → May 3, 2018Data Breach

Executive Summary

Twitter disclosed that a bug had caused all 336 million users' passwords to be written in plaintext to an internal log before being hashed. The passwords were stored in readable form on internal systems and could have been accessed by employees. Twitter urged all users to change their passwords and said it had fixed the bug and found no evidence of misuse.

Post LinkedIn Reddit Email

user-rights data-breach

What Happened

On May 3, 2018, Twitter disclosed that a bug in its systems had caused passwords for all 336 million users to be written in plaintext to an internal log before the normal hashing process occurred. These readable passwords were stored on internal systems where Twitter employees could potentially have accessed them. Twitter stated it had fixed the bug and found no evidence that the passwords were misused or accessed improperly.

Who Is Affected

All 336 million Twitter users at the time were affected by this incident. Any user who had a Twitter account when the bug was active had their password potentially exposed in readable form on Twitter's internal systems.

Why It Matters

This incident represents a significant failure in basic password security practices, as passwords should never be stored in plaintext form even temporarily on internal systems. The scale of 336 million affected users and the potential for employee access to readable passwords highlights substantial risks in how user credentials were handled. Even without evidence of misuse, the exposure created a window of vulnerability for all Twitter accounts during the period the bug was active.

What You Should Do

Change your Twitter password immediately if you have not already done so since May 2018. If you used the same password on other websites or services, change those passwords as well to ensure your accounts remain secure. Enable two-factor authentication on your Twitter account for an additional layer of security beyond just your password.

AI-Assisted

Event summaries are generated by Claude AI from verified sources and reviewed by humans before publication.

Sources

Related Events

X (Twitter) — Policy ChangeMay 25, 2018
Twitter updated its privacy policy globally in response to the EU's General Data...