Twitter is urging all of its 330 million users to change their passwords. Twitter support found a bug that stored unmasked passwords in an internal log, meaning all the passwords were visible in plain text.
The passwords, in their plain form, were stored in an internal log inside of their database. This left the passwords vulnerable to hackers.
“We recently found a bug that stored passwords unmasked in an internal log. We fixed the bug and have no indication of a breach or misuse by anyone. As a precaution, consider changing your password on all services where you’ve used this password,” Twitter tweeted on Thursday.
We recently found a bug that stored passwords unmasked in an internal log. We fixed the bug and have no indication of a breach or misuse by anyone. As a precaution, consider changing your password on all services where you’ve used this password. https://t.co/RyEDvQOTaZ
— Twitter Support (@TwitterSupport) May 3, 2018
Along with this statement, they also said that they have already resolved the problem. An internal investigation by their team found no indication that the passwords were stolen or used by anyone working for Twitter Inc.
How It Happened:
Twitter uses a process called hashing, which replaces the text of the actual password with a random set of numbers and letters. This allows Twitter to validate an account's credentials without revealing the actual password. Due to a bug, the passwords were being written to an internal log before they were sent for hashing.
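The failure mode described above, as an added example that is not Twitter's code: a signup handler that logs the raw request before hashing, next to one that redacts the secret first. The field names, the in-memory log and the use of PBKDF2 are assumptions made for this sketch, and the sample input is constructed.

```python
import hashlib
import hmac
import logging
import os

SENSITIVE_FIELDS = {"password"}  # assumed field name for this sketch

class MemoryLog(logging.Handler):
    """Stands in for the internal log: keeps formatted lines in a list."""
    def __init__(self):
        super().__init__()
        self.lines = []
    def emit(self, record):
        self.lines.append(self.format(record))

def hash_password(password, salt):
    # PBKDF2 is a stand-in; the article does not name the hash that was used.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

def redact(form):
    return {k: "[REDACTED]" if k in SENSITIVE_FIELDS else v for k, v in form.items()}

def signup_buggy(form, log, store):
    log.info("signup request %s", form)  # the bug: plaintext logged before hashing
    salt = os.urandom(16)
    store[form["user"]] = (salt, hash_password(form["password"], salt))

def signup_fixed(form, log, store):
    log.info("signup request %s", redact(form))  # secret never reaches the log
    salt = os.urandom(16)
    store[form["user"]] = (salt, hash_password(form["password"], salt))

def verify(user, password, store):
    # Validation needs only the stored salt and hash, never the plaintext.
    salt, digest = store[user]
    return hmac.compare_digest(digest, hash_password(password, salt))

def run(signup, form):
    """Run one signup against a fresh in-memory log and credential store."""
    handler, store = MemoryLog(), {}
    log = logging.getLogger(signup.__name__)
    log.handlers, log.propagate = [handler], False
    log.setLevel(logging.INFO)
    signup(form, log, store)
    return handler.lines, store

FORM = {"user": "alice", "password": "correct horse"}  # constructed sample input
```

Both handlers store the same kind of salted hash, so the credential store looks correct either way; only inspecting the log output shows the difference.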
Parag Agrawal, CTO of Twitter, said that the bug was discovered internally without the help of outside security researchers and that the exposed passwords were removed from the internal logs.
He did not mention the number of users affected, but it is claimed that a large amount of data was being stored over a period of several months. This certainly affects active Twitter users.
It is recommended that users like me, who use the same password for various social media or other sites, change the password everywhere, although it would be safer for everyone to do so.
To make your account even more secure, you can also activate Twitter's two-factor authentication services. It requires a six-digit access code along with your password every time you log into your Twitter account.
Though it will take a few extra seconds, it will surely make your account much more secure.
The data handling of major companies is now being scrutinized by lawmakers and regulators, as this is another major incident after the blunders at Equifax, Facebook, and Uber.
The General Data Protection Regulation, the EU's new privacy law, is due to take effect later this month and will include steep fines for violators.
Ironically, Twitter’s password mishap was announced on the corporate holiday known as World Password Day.