Twitter discovered a bug that saved user passwords unprotected on an internal log, so every employee that has access to that log could see the passwords in plain text. If this information was leaked, you can be sure it is for sale and cybercriminals are buying. Passwords are typically hashed when stored on internal servers which is a form of encryption that prevents anyone, even company employees, from being able to see the data by showing random characters and not the actual password. If hashed data is breached, it is far less likely that it will ever be usable. In the announcement Thursday, Twitter said the issue has been resolved and there was no evidence that passwords were leaked or misused, but still is urging its users to update their passwords by Tweeting: "As a precaution, consider changing your password on all services where you've used this password."
They key to this announcement is that users change passwords on every service that the same Twitter password was used. Why you may ask? Well it’s a standard tactic by cybercriminals to use breached passwords on every major service through brute force attacks. This is when a program takes the passwords and bombards website login pages hoping that users used the same password for Twitter as they did for PayPal, Amazon, online banking, or any other service. Since many user names are email addresses, it is very simple for cybercriminals to put two and two together to get a legitimate login.
Twitter is also recommending that two-factor authentication is turned on. This is a great layer of security that many people neglect because of the extra step it takes to login. That is a shame, because this really is a great way to secure all accounts and is urged by all cybersecurity experts to be used.
To minimize any single breach, it is important to create a unique password for every service. This way your only exposure is to the service that was breached and that is quickly resolved when that one password is changed. There are ways to have unique passwords and easily remember them. The below infographic walks you through one of the methods that works well.