Twitter Plain Text Password Bug Prompts Users for Immediate Password Change

Liviu ARSENE

May 04, 2018


Twitter has warned its 330 million users to immediately change their passwords, as a result of a bug that caused passwords to be logged in plaintext before being hashed. Although Twitter says passwords are stored using the bcrypt hashing algorithm, it seems they were inadvertently placed in an internal log before being hashed.

“We mask passwords through a process called hashing using a function known as bcrypt, which replaces the actual password with a random set of numbers and letters that are stored in Twitter's system,” reads the Twitter blog post. “Due to a bug, passwords were written to an internal log before completing the hashing process. We found this error ourselves, removed the passwords, and are implementing plans to prevent this bug from happening again.”

The vulnerability does not appear to have been misused by cyber criminals nor have Twitter's systems been breached or misused to access these plaintext passwords. However, because the blog post seems to encourage all Twitter users to change their passwords, it is believed that the number of potentially affected accounts is significant, and the vulnerability may have been present for months before it was detected.

“Out of an abundance of caution,” the social network strongly advises users to immediately change their account passwords, while also enabling two-factor authentication for additional security. Twitter also emphasizes that the vulnerability has been addressed, while apologizing for the incident.

“We have fixed the bug, and our investigation shows no indication of breach or misuse by anyone,” reads the blog post. “We are very sorry this happened. We recognize and appreciate the trust you place in us, and are committed to earning that trust every day.”

Twitter is the second company this week to reveal the existence of a “bug” in its password management systems, with GitHub announcing a similar vulnerability just days ago. From their description and warning to users, the two companies seem to have experienced the same type of password security issue.
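The bug class described above, a password reaching a log before it is hashed, can be contained with a redaction filter on the log handler. The following is an added example, not Twitter's or GitHub's code; the field names, logger names and sample signup form are constructed, and PBKDF2 from the Python standard library stands in for bcrypt.

```python
import hashlib, io, logging, os, re

SENSITIVE = ("password", "passwd", "secret", "token")  # assumed field names
# Matches key=value and "key": "value" pairs in already-formatted text.
PAIR = re.compile(r"(?i)(['\"]?\w*(?:%s)\w*['\"]?\s*[:=]\s*)(['\"]?)[^'\"\s,&}]+\2"
                  % "|".join(SENSITIVE))

def scrub(value):
    """Return a copy of value with sensitive fields masked."""
    if isinstance(value, dict):
        return {k: "[REDACTED]" if any(s in str(k).lower() for s in SENSITIVE)
                else scrub(v) for k, v in value.items()}
    if isinstance(value, (list, tuple)):
        return type(value)(scrub(v) for v in value)
    if isinstance(value, str):
        return PAIR.sub(r"\1[REDACTED]", value)
    return value

class RedactSecrets(logging.Filter):
    """Scrub the message and its arguments before the handler writes them."""
    def filter(self, record):
        record.msg = scrub(record.msg)
        if record.args:
            record.args = scrub(record.args)  # dict or tuple of arguments
        return True

def make_logger(stream, redact):
    logger = logging.getLogger("signup.redacted" if redact else "signup.raw")
    logger.handlers.clear()
    logger.propagate = False
    logger.setLevel(logging.INFO)
    handler = logging.StreamHandler(stream)
    if redact:
        handler.addFilter(RedactSecrets())
    logger.addHandler(handler)
    return logger

def signup(form, logger):
    # The bug class from the article: the request is logged before hashing.
    logger.info("signup request: %s", form)
    logger.info("raw body: user=%s&password=%s" % (form["user"], form["password"]))
    salt = os.urandom(16)
    # PBKDF2 from the standard library stands in for bcrypt here.
    return salt, hashlib.pbkdf2_hmac("sha256", form["password"].encode(), salt, 100_000)

def run(redact):
    """Log one constructed signup and return everything that reached the log."""
    stream = io.StringIO()
    signup({"user": "alice", "password": "CONSTRUCTED-pw-123"}, make_logger(stream, redact))
    return stream.getvalue()
```

Pattern-based redaction is a safety net for values that slip into formatted strings; the primary control remains not passing request bodies that contain credentials to the logger at all.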
