Twitter advises users to change passwords after patching a bug

A bug was discovered in Twitter’s internal computer system that unintentionally exposed user passwords by storing them unmasked in an internal log.

Twitter disclosed this issue yesterday in an official blog post and in a series of Tweets from Twitter Support.

Twitter hashes passwords using a function known as bcrypt, which replaces the actual password with a random set of numbers and letters that is then stored in its computer systems. This allows the social media company to validate users’ credentials without exposing the actual passwords, so that even Twitter employees can’t see them.

When the bug was discovered, an internal investigation was conducted right away, and it found no indication that this was exploited or was caused by an insider breach.

“We found this error ourselves, removed the passwords, and are implementing plans to prevent this bug from happening again. We are very sorry this happened. We recognize and appreciate the trust you place in us, and are committed to earning that trust every day,” Twitter CTO Parag Agrawal said.

In light of this, consider changing your Twitter password and enabling 2-factor authentication just to be on the safe side.
