Twitter Issues Warning after Finding Bug that Stores Unmasked Passwords within Internal Log


Account security is an important matter for users, and rightly so. Our online profiles often contain sensitive or private information, and as they are of course associated with an individual, group, or company, any comments made on such platforms may land the person associated with the account in some rather hot water. That is why it is somewhat alarming to learn that Twitter recently identified a bug within their own systems which stored user passwords, completely unmasked, in an internal log.

In a statement posted to the company’s official blog, Twitter said, “When you set a password for your Twitter account, we use technology that masks it so no one at the company can see it. We recently identified a bug that stored passwords unmasked in an internal log. We have fixed the bug, and our investigation shows no indication of breach or misuse by anyone.

“Out of an abundance of caution, we ask that you consider changing your password on all services where you’ve used this password. You can change your Twitter password anytime by going to the password settings page.”

The same notification was also sent to users via email.

So how exactly did this happen? Passwords stored within Twitter’s systems, obviously a necessary thing to do to enable verification, are ordinarily ‘masked’ using a process known as ‘hashing’, facilitated by a function called bcrypt. The bcrypt function replaces the actual password with a random-looking set of numbers and letters, which the system refers to for validation without revealing the password itself. The bug Twitter themselves identified was causing passwords to be written to an internal log in their original form before the hashing process was completed. While Twitter insists that their investigation shows no sign of any issues as a result of the bug, they are nonetheless recommending that users change their passwords.

In light of this bug being found, Twitter have offered the following tips on account security:
  1. Change your password on Twitter and on any other service where you may have used the same password.
  2. Use a strong password that you don’t reuse on other websites.
  3. Enable login verification, also known as two factor authentication. This is the single best action you can take to increase your account security.
  4. Use a password manager to make sure you’re using strong, unique passwords everywhere.
