Snippet: If You Use Twitter, Change Your Password ☇

Twitter CTO Parag Agrawal:

When you set a password for your Twitter account, we use technology that masks it so no one at the company can see it. We recently identified a bug that stored passwords unmasked in an internal log. We have fixed the bug, and our investigation shows no indication of breach or misuse by anyone.

The original title for this post was “Keeping your account secure,” which is a fun way to avoid stating that passwords were made easily-accessible. I’ll yield Nick Heer’s take:

Interestingly enough, this was posted with the title “Keeping your account secure”, as opposed to a more accurate headline, like, “Oops, we stored your password in plain text”, or “We know the president’s password, for real”.

The euphemistic and misleading headline upsets me. What’s even more worrying is Agrawal’s reaction in a tweet:

We are sharing this information to help people make an informed decision about their account security. We didn’t have to, but believe it’s the right thing to do.

I have a problem with this because it makes it sound that this is the fat-free, low-carb, better-for-you option when phrased that way. Any business that holds user data and suffers some sort of data breach or mishandling has an obligation to those who have a relationship with it, to disclose that information in a reasonable amount of time. Although there’s always the debate with how social networks view users as a customer or product, I think Twitter did the only thing they should have done with disclosing this information.

I’ve already deleted an account on one social network this week, don’t make me consider a second, Twitter.