Twitter Issues Warning after Finding Bug that Stores Unmasked Passwords within Internal Log
Account security is an important matter for users, and
rightly so. Our online profiles often contain sensitive or private information,
and as they are of course associated with an individual, group, or company, any
comments made on such platforms may land the person associated with the account
in some rather hot water. That is why it is somewhat alarming to learn that
Twitter recently identified a bug within their own systems which stored user passwords,
completely unmasked, in an internal log.
In a statement posted to the company’s official blog, Twitter said, “When you set a password for your Twitter account, we
use technology that masks it so no one at the company can see it. We recently
identified a bug that stored passwords unmasked in an internal log. We have
fixed the bug, and our investigation shows no indication of breach or misuse by
anyone.
“Out of an abundance of caution, we ask that you consider
changing your password on all services where you’ve used this password. You can
change your Twitter password anytime by going to the password settings page.”
The same notification was also sent to users via email.
So how exactly did this happen? Passwords stored within
Twitter’s systems, obviously a necessary thing to do to enable verification, are
ordinarily ‘masked’ using a process known as ‘hashing’ facilitated by a
function called bcrypt. The bcrypt function replaces the actual password with a
randomised set of numbers to which the system will refer for validation without
revealing any actual details. The bug Twitter themselves identified was causing
passwords to be stored within an internal log in their original form before the
hashing process was completed. While Twitter insists that their investigation
shows no sign of any issues as a result of the bug, they are nonetheless recommending
that users change their passwords.
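The bug class described above, as an added example rather than Twitter's own code: a signup handler that logs the raw form before hashing, next to the same handler with a logging filter that masks the password field. The field names, logger name and sample account are constructed, and the standard library's PBKDF2 stands in for bcrypt so the block runs without extra packages.

```python
import hashlib
import hmac
import io
import logging
import os

SENSITIVE_KEYS = {"password", "new_password"}  # hypothetical field names
PBKDF2_ROUNDS = 600_000  # stdlib PBKDF2 stands in for bcrypt here

class RedactSecrets(logging.Filter):
    """Mask sensitive fields in mapping-style log arguments before formatting."""
    def filter(self, record):
        if isinstance(record.args, dict):
            record.args = {k: "[REDACTED]" if k in SENSITIVE_KEYS else v
                           for k, v in record.args.items()}
        return True  # keep the record, minus the secret

def hash_password(password, salt=None):
    """Return (salt, digest); only these two values should ever be persisted."""
    salt = salt or os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)
    return salt, digest

def verify_password(password, salt, digest):
    """Re-derive the digest from the login attempt and compare in constant time."""
    return hmac.compare_digest(hash_password(password, salt)[1], digest)

def run_signup(redact):
    """Handle one constructed signup; return everything that reached the log."""
    stream = io.StringIO()
    log = logging.getLogger("signup.demo.%s" % redact)
    log.setLevel(logging.INFO)
    log.propagate = False
    log.handlers = [logging.StreamHandler(stream)]
    log.filters = [RedactSecrets()] if redact else []
    form = {"username": "alice", "password": "correct horse battery staple"}  # constructed
    log.info("signup request: %s", form)  # bug class: raw form logged before hashing
    salt, digest = hash_password(form["password"])
    log.info("stored credential for %s", form["username"])
    return stream.getvalue()

if __name__ == "__main__":
    print("unfiltered:", run_signup(redact=False), sep="\n")
    print("filtered:", run_signup(redact=True), sep="\n")
```

A filter like this only catches fields it knows by name, so a scan of existing logs for password-shaped values is still needed to find the kind of bug Twitter reported.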
In light of this bug being found, Twitter have offered the
following tips on account security:
- Change your password on Twitter and on any other service where you may have used the same password.
- Use a strong password that you don’t reuse on other websites.
- Enable login verification, also known as two factor authentication. This is the single best action you can take to increase your account security.
- Use a password manager to make sure you’re using strong, unique passwords everywhere.
Sam
is an aspiring novelist with a passion for fantasy and crime thrillers.
Currently working as Editor of Social Songbird, he hopes to one day drop that
'aspiring' prefix. Follow him @Songbird_Sam
Reviewed by Unknown on Friday, May 04, 2018