top of page

Tweeting On Thin Ice: The Password Glitch That Shook Twitter

In an era where digital security breaches can have monumental impacts, the importance of safeguarding user data cannot be overstated. A significant event that highlights this occurred in 2018 when Twitter, a global social media platform with over 330 million users, encountered a glaring security vulnerability. This incident revolved around the mishandling of user passwords, a fundamental breach of privacy and security protocols.

The Issue At Hand

At the heart of the problem was a bug within Twitter's logging system that stored user passwords in plain text. Normally, passwords undergo a process called hashing, where they are converted into a unique set of characters, also known as “masking”, by an algorithm, significantly enhancing security. Twitter utilises bcrypt, a hashing algorithm designed to secure passwords effectively. However, due to the bug, passwords were logged in their raw form before the bcrypt hashing process.

Discovery and Potential Downfalls

The internal discovery of this flaw displayed the potential risks associated with minor oversights in handling sensitive data. Had these plaintext passwords been accessed by unauthorized parties, the consequences would be dire, ranging from unauthorized account access to broader security breaches involving multiple platforms, especially for users who have the same password across different services.

Mitigation and Recommendations

Upon identifying the bug, Twitter acted swiftly to rectify the issue, ensuring no further logging of passwords in plaintext. The company transparently communicated with its user base about the incident, while noting that there was no evidence of breach or misuse. Despite this assurance, Twitter recommended that all users change their passwords not only on their platform but also on any other services where the passwords were repeated. This precautionary advice aimed to mitigate potential risks stemming from the incident. Additionally, Twitter advocated for the adoption of two-factor authentication (2FA), offering an extra layer of security beyond the traditional password.


The Twitter password incident serves as a reminder of the vulnerabilities which can be present inherently in digital systems and the continuous need for awareness in digital security practices. It highlights the importance of employing strong, unique passwords for different online services and the added security benefits of two-factor authentication. For companies, it shows the necessity of rigorous security protocols and the value of transparency in gaining trust among users. As digital citizens, we must remain aware regarding the security of our online presence, adapting proactive measures to safeguard our digital lives.


bottom of page