Twitter recommends changing your password after internal audit shows they stored it in plain text



News that websites, apps, or online services have been hacked, or that user passwords have leaked, really isn’t news anymore considering how frequently it happens. The latest service to urge you to change your password immediately is Twitter. During an internal audit, the company found a bug that stored unmasked user passwords in an internal log.

For those who aren’t password savvy, there are a number of methods to encrypt and secure passwords. When passwords are stored unmasked, or in plain text, anyone who has access to the file they are stored in can see the password of every user contained within it. While Twitter uses a hashing (masking) function for user passwords, as it should, in this case passwords were being stored internally unmasked.

We mask passwords through a process called hashing using a function known as bcrypt, which replaces the actual password with a random set of numbers and letters that are stored in Twitter’s system. This allows our systems to validate your account credentials without revealing your password. This is an industry standard.

Due to a bug, passwords were written to an internal log before completing the hashing process. We found this error ourselves, removed the passwords, and are implementing plans to prevent this bug from happening again.
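The failure mode described in the statement above, a password reaching a log before hashing, and one way to guard against it, shown as an added example that is not Twitter's code. The `signup` handler, the field names `password` and `new_password`, and the sample form are assumptions made for illustration, and PBKDF2 from the Python standard library stands in for bcrypt.

```python
import hashlib
import io
import logging
import os

SENSITIVE_KEYS = {"password", "new_password"}  # assumed form field names

class RedactSecrets(logging.Filter):
    """Mask sensitive fields in a logged mapping before any handler formats it."""
    def filter(self, record):
        if isinstance(record.args, dict):
            record.args = {k: "[REDACTED]" if k.lower() in SENSITIVE_KEYS else v
                           for k, v in record.args.items()}
        return True  # keep the record, minus the secret

def hash_password(password, salt):
    # PBKDF2 from the standard library stands in for bcrypt here.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)

def signup(form, log):
    # The flaw: the request is logged before hashing completes, so whatever
    # is in `form` at this point is what lands in the log.
    log.info("signup request: %s", form)
    salt = os.urandom(16)
    return salt, hash_password(form["password"], salt)

def run_signup(redact):
    """Run one constructed signup and return (log text, salt, stored hash)."""
    sink = io.StringIO()
    log = logging.getLogger("demo.redact" if redact else "demo.raw")
    log.setLevel(logging.INFO)
    log.propagate = False
    log.handlers = [logging.StreamHandler(sink)]
    log.filters = [RedactSecrets()] if redact else []
    form = {"user": "alice", "password": "correct horse battery"}  # constructed input
    salt, stored = signup(form, log)
    return sink.getvalue(), salt, stored

if __name__ == "__main__":
    for redact in (False, True):
        text, _, _ = run_signup(redact)
        print("redact=%s -> %s" % (redact, text.strip()))
```

The filter builds a new mapping for the log record and leaves the form itself untouched, so the handler can still hash the real password while the log only ever sees the masked value.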

Twitter also mentions that the internal bug has been fixed and that no passwords were actually compromised.

We have fixed the bug, and our investigation shows no indication of breach or misuse by anyone.

So even though the social media company says that no passwords were compromised, it’s still a good idea to change yours if you haven’t already. Not to mention, you should be in the habit of changing your passwords regularly and using unique passwords for each service or website you have a login for. If a service has two-factor authentication, like Twitter does, you should also enable that for added account security. You can easily change your password on your Twitter settings page.


  Source: Twitter