// Twitter Issues Warning after Finding Bug that Stores Unmasked Passwords within Internal Log - Social Songbird


Latest News


Twitter Issues Warning after Finding Bug that Stores Unmasked Passwords within Internal Log

Account security is an important matter for users, and rightly so. Our online profiles often contain sensitive or private information, and as they are of course associated with an individual, group, or company, any comments made on such platforms may land the person associated with the account in some rather hot water. That is why it is somewhat alarming to learn that Twitter recently identified a bug within their own systems which stored user passwords, completely unmasked, in an internal log.

In a statement posted to the company’s official blog, Twitter said, “When you set a password for your Twitter account, we use technology that masks it so no one at the company can see it. We recently identified a bug that stored passwords unmasked in an internal log. We have fixed the bug, and our investigation shows no indication of breach or misuse by anyone.

“Out of an abundance of caution, we ask that you consider changing your password on all services where you’ve used this password. You can change your Twitter password anytime by going to the password settings page.”

The same notification was also sent to users via email.

So how exactly did this happen? Passwords stored within Twitter’s systems, obviously a necessary thing to do to enable verification, are ordinarily ‘masked’ using a process known as ‘hashing’ facilitated by a function called bcrypt. The bcrypt function replaces the actual password with a randomised set of numbers to which the system will refer for validation without revealing any actual details. The bug Twitter themselves identified was causing passwords to be stored within an internal log in their original form before the hashing process was completed. While Twitter insists that their investigation shows no sign of any issues as a result of the bug, there are nonetheless recommending that users change their passwords.

In light of this bug being found Twitter have offered the following tips on account security:
  1. Change your password on Twitter and on any other service where you may have used the same password.
  2. Use a strong password that you don’t reuse on other websites.
  3. Enable login verification, also known as two factor authentication. This is the single best action you can take to increase your account security.
  4. Use a password manager to make sure you’re using strong, unique passwords everywhere.

Sam is an aspiring novelist with a passion for fantasy and crime thrillers. Currently working as Editor of Social Songbird, he hopes to one day drop that 'aspiring' prefix. Follow him @Songbird_Sam

Contact us on Twitter, on Facebook, or leave your comments below. To find out about social media training or management why not take a look at our website for more info: TheSMFGroup.com

Twitter Issues Warning after Finding Bug that Stores Unmasked Passwords within Internal Log Reviewed by Unknown on Friday, May 04, 2018 Rating: 5

No comments:

All Rights Reserved by Social Songbird © 2012 - 2020

Contact Form


Email *

Message *

Powered by Blogger.