Twitter is asking all its 336 million users to change their passwords after discovering an internal bug that may have put the passwords of all Twitter users at risk by saving them in the clear.
Twitter is asking all its 336 million users of change their password after discovering an internal bug that may have put them at risk password of all Twitter users.
Twitter at risk the passwords of all users
Parag Agrawal, Chief Technology Officer, wrote in a post on the official blog that the company recently discovered a bug in the process of storing passwords for which they were stored in plain text on Twitter's internal logs, thereby exposing passwords to potential risks.Here is how Twitter explains it, in an email sent to all Italian users:
When you set the password for your Twitter account, we use a technology that obscures it so that no employee of our company can see it. We recently identified a bug that stored unencrypted passwords in a log that was used for internal purposes. We have resolved the bug in question and, through our investigations, we have found that no one has committed violations through this bug or used it improperly.
As a precaution, we advise you to change your password on all the services where you have used this password. You can change your Twitter password at any time from the password settings page.
We obscure passwords through a coding process that uses a function called "bcrypt", which replaces the actual password with a series of random numbers and letters that is stored in our systems. It allows our systems to validate your account credentials without revealing the password. It is an industry standard.
Due to a bug, passwords were recorded in a log that was used for internal purposes before the encoding process was completed. We found this error ourselves, removed passwords and implemented precautions so that this bug does not manifest itself again.
Twitter at risk the passwords of all users, better change it
Twitter says the bug was discovered internally and there is no reason to believe that anyone outside the company was able to access unmasked passwords. Regardless of this, the company advises all users to consider changing their Twitter passwords, and changing them on any other site where they may have used their own Twitter password.
What to do with the Twitter password
1. Change password on Twitter and on any other service where you may have used the same password.
2. Use a complex password that you haven't already chosen for other services.
3.Enables access verification, also known as two-factor authentication. This is the only action par excellence that you can take to increase the security of your account.
4. Use a password management tool to make sure all your passwords are complex and unique.
In his email to Twitter users he apologizes for the incident:
We are really sorry about this. We are grateful and appreciate the trust you give us and we constantly strive to earn it day by day.