Twitter alerts users after squashing password revealing internal bug

Pat Wise
May 5, 2018

Twitter has over 330 million users across the globe and all the passwords are saved with random characters on the systems.

On both the Twitter website and its mobile apps, users need to go to Settings to change their password.

The bug occurred prior to the hashing process and resulted in passwords being stored in a plain text log that Twitter discovered internally.

"Out of an abundance of caution, we ask that you consider changing your password on all services where you've used this password".

Nonetheless, the company is recommending a password reset for its more than 300 million users.

"We are very sorry this happened", the Twitter blog said.

Free Comic Book Day: where to get a free comic in Perth
For the past 13 years, Alter Ego Comics has provided a day full of fun and excitement for everyone attending. Check with comic shops in the metro area to see if they are participating in FCBD.

Canada: Body recovered from inside the wall in Calgary shopping mall
A security guard was directing women to another washroom a floor below, but the men's and family washrooms were still accessible. The women's washroom remained closed until after 3 p.m., when the body, contained in a body bag, was wheeled out on a gurney.

Under Armour Launches New Trivia App To Celebrate Stephen Curry's Return
The baller rocked a new colorway of his Under Armour Curry 5 signature shoe during his return to game action. Based on the early look UA provided, Steph IQ looks very similar to HQ Trivia and others.

Agrawal apologized for the mishap, noting how the folks over at Twitter "recognize and appreciate the trust you place in us, and are committed to earning that trust every day".

Twitter says it has isolated and resolved the issue, removing any stored passwords and "implementing plans" to ensure the issue does not resurface.

"I'd emphasize that this is not a breach and our investigation shows no signs of misuse", a Twitter spokeswoman said. Turning it on means even if someone does have your password, they can't access your accounts without a second piece of information, like a code texted to your phone. This isn't because there's a high risk that the Twitter passwords have been exposed to bad guys, but simply because what you are doing is unsafe.

The "hashing" process is industry standard, Twitter noted. However, if you potentially use a single password across a number of accounts - Google, Facebook, Microsoft, your bank - you should be petrified. Dan Kaminsky, a well-known security expert who is chief scientist at WhiteOps, tweeted to Agrawal: "You did the fearless thing".

One of the biggest problems is hacking that steals personal data and other information that is then sold on the dark side of the Internet.

Other reports by

Discuss This Article

FOLLOW OUR NEWSPAPER