Skip to content

May 4, 2018

Twitter warns all users to change passwords following internal bug

by John_A

Twitter announced today that a bug allowed users’ passwords to be stored internally without being masked. When things are working correctly, Twitter stores hashed passwords, turning them into random letters and numbers so that no one at the company can see what any user’s password is. But a bug caused passwords to be stored within an internal log before the hashing process was complete. Twitter says that it spotted the problem itself and fixed it. But while it claims there has been no evidence that the passwords were misused or that they left the company’s systems, Twitter is recommending that everyone change their passwords just to be safe.

We recently found a bug that stored passwords unmasked in an internal log. We fixed the bug and have no indication of a breach or misuse by anyone. As a precaution, consider changing your password on all services where you’ve used this password.

— Twitter Support (@TwitterSupport) May 3, 2018

In a blog post about the issue, Twitter suggests its users also use a strong password that’s not used on other sites, enable two-factor authentication and use a password manager to keep track of unique passwords — typical recommendations for online security. The company said that the password problem was uncovered recently, but didn’t say exactly when or how long the passwords had been exposed.

“We are very sorry this happened,” Twitter said. “We recognize and appreciate the trust you place in us, and are committed to earning that trust every day.”

Source: Twitter

Read more from News

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

Note: HTML is allowed. Your email address will never be published.

Subscribe to comments

%d bloggers like this: