Twitter advising its users to change passwords after bug found

A phone displaying the Twitter app

Instead of Tweets, Twitter users were greeted by a warning from the social media company highly recommending them to change their passwords.

Twitter says that issue has been fixed, and there's no evidence the passwords were leaked or misused. What that means exactly is instead of your password showing as the user created it, its stored jumbled up into a combination of random letters and numbers so no one in the company can see your password.

The company has yet to unveil or possibly determine how many passwords were stored in the log. Twitter did not comment on the matter when the bug was discovered, or how long it had been storing passwords in this manner.

The company also said it is taking steps to ensure the bug does not happen again.

In a blog post explaining the glitch, Twitter CTO Parag Agrawal said: 'Due to a bug, passwords were written to an internal log before completing the hashing process. "This is an industry standard".

What is a bit alarming is that, although Agrawal assured in the press release that the company has no reason to believe that anyone got ahold of the password data, the exposed passwords (which the company called "substantial") were exposed for "several months", per Reuters.

Change your password on Twitter and on any other service where you may have used the same password.

In 2010, the U.S. Federal Trade Commission settled with Twitter after accusing it of "serious lapses" in data security, allowing hackers to access user data.

Mr Cluley said enabling two-factor authentication that adds another ID check to login attempts would help "harden" accounts.

"We recognise and appreciate the trust you place in us, and are committed to earning that trust every day".

Related:

Comments


Other news