Twitter is advising all of its 336 million users to change their passwords after the company discovered an internal data bug that exposed passwords in plain text. Although Twitter says that the glitch has been fixed and that there is no evidence of any breach or misuse, the company is strongly recommending that users change their Twitter passwords (including third-party apps like Twitterrific and TweetDeck) out of an “abundance of caution.”
What exactly was the bug? According to Twitter, there was an error in the system’s bcrypt hashing process, an industry standard that allows systems to validate account credentials without revealing passwords by masking them with a random set of numbers and letters. Apparently, Twitter’s hashing process glitched and the passwords were being saved to an internal log in plain text, rather than in masked characters.
“Due to a bug, passwords were written to an internal log before completing the hashing process. We found this error ourselves, removed the passwords, and are implementing plans to prevent this bug from happening again,” wrote Twitter’s Chief Technology Officer Parag Agrawal.
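To illustrate this class of bug, here is an added example (not Twitter's code, and not from the original article) showing how a request logged before hashing leaks the plaintext password, and how a logging filter that redacts sensitive fields prevents it. The field names, logger names and function names are assumptions, and PBKDF2 from the Python standard library stands in for bcrypt.

```python
import hashlib
import hmac
import io
import logging
import os

SENSITIVE_KEYS = {"password", "new_password", "current_password"}  # assumed field names

def scrub(value):
    """Return a copy of value with sensitive dict fields masked, recursing into nested dicts."""
    if isinstance(value, dict):
        return {k: "[REDACTED]" if str(k).lower() in SENSITIVE_KEYS else scrub(v)
                for k, v in value.items()}
    return value

class RedactSecrets(logging.Filter):
    """Scrub log arguments before any handler formats or stores the record."""
    def filter(self, record):
        if isinstance(record.args, dict):
            record.args = scrub(record.args)
        elif isinstance(record.args, tuple):
            record.args = tuple(scrub(a) for a in record.args)
        return True

def hash_password(password, salt=None):
    # PBKDF2 (standard library) stands in for bcrypt here.
    salt = salt or os.urandom(16)
    return salt, hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)

def verify_password(password, salt, digest):
    return hmac.compare_digest(hash_password(password, salt)[1], digest)

def handle_signup(form, redact):
    """Log the incoming form, then hash the password; return (log text, stored record)."""
    buf = io.StringIO()
    log = logging.getLogger("signup.redacted" if redact else "signup.raw")
    log.handlers, log.filters, log.propagate = [logging.StreamHandler(buf)], [], False
    log.setLevel(logging.INFO)
    if redact:
        log.addFilter(RedactSecrets())
    log.info("signup request: %s", form)  # the risky line: runs before hashing
    salt, digest = hash_password(form["password"])
    return buf.getvalue(), {"user": form["user"], "salt": salt, "hash": digest}

if __name__ == "__main__":
    form = {"user": "alice", "password": "correct horse"}  # constructed sample input
    print(handle_signup(form, redact=False)[0], end="")  # plaintext reaches the log
    print(handle_signup(form, redact=True)[0], end="")   # password field is masked
```

The stored record contains only the salt and hash, so the remaining exposure is whatever was written to the log before hashing, which is why the redaction sits on the logger rather than at individual call sites.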
Head over to Twitter’s account security update blog post to learn more.
We are sharing this information to help people make an informed decision about their account security. We didn’t have to, but believe it’s the right thing to do. https://t.co/yVKOqnlITA
— Parag Agrawal (@paraga) May 3, 2018