Twitter alerts users after squashing password revealing internal bug

Pat Wise
May 5, 2018

Twitter has over 330 million users across the globe and all the passwords are saved with random characters on the systems.

On both the Twitter website and its mobile apps, users need to go to Settings to change their password.

The bug occurred prior to the hashing process and resulted in passwords being stored in a plain text log that Twitter discovered internally.

"Out of an abundance of caution, we ask that you consider changing your password on all services where you've used this password".

Nonetheless, the company is recommending a password reset for its more than 300 million users.

"We are very sorry this happened", the Twitter blog said.

Why the Kentucky Derby odds favor Justify
While Justify is the clear-cut favorite in Saturday's Kentucky Derby , the field is large, and the competition will be strong. The good news for this horse? With such a large field Justify could have trouble maneuvering for position down the stretch.

Canada: Body recovered from inside the wall in Calgary shopping mall
A security guard was directing women to another washroom a floor below, but the men's and family washrooms were still accessible. The women's washroom remained closed until after 3 p.m., when the body, contained in a body bag, was wheeled out on a gurney.

Red Dead Redemption 2: How Hunting Works
Some of the side activities the game may offer were hinted at in the trailer, while others were confirmed by the demo. Rockstar Games' co-studio head, Rob Nelson, recently took up an interview about Red Dead Redemption 2 .

Agrawal apologized for the mishap, noting how the folks over at Twitter "recognize and appreciate the trust you place in us, and are committed to earning that trust every day".

Twitter says it has isolated and resolved the issue, removing any stored passwords and "implementing plans" to ensure the issue does not resurface.

"I'd emphasize that this is not a breach and our investigation shows no signs of misuse", a Twitter spokeswoman said. Turning it on means even if someone does have your password, they can't access your accounts without a second piece of information, like a code texted to your phone. This isn't because there's a high risk that the Twitter passwords have been exposed to bad guys, but simply because what you are doing is unsafe.

The "hashing" process is industry standard, Twitter noted. However, if you potentially use a single password across a number of accounts - Google, Facebook, Microsoft, your bank - you should be petrified. Dan Kaminsky, a well-known security expert who is chief scientist at WhiteOps, tweeted to Agrawal: "You did the fearless thing".

One of the biggest problems is hacking that steals personal data and other information that is then sold on the dark side of the Internet.

Other reports by

Discuss This Article