Twitter Plain Text Password Bug Prompts Users for Immediate Password Change

Liviu ARSENE

May 04, 2018

Twitter has warned its 330 million users to immediately change their passwords, as a result of a bug that caused passwords to be logged in plaintext before being hashed. Although Twitter says passwords are stored using the bcrypt hashing algorithm, it seems they were inadvertently placed in an internal log before being hashed.

“We mask passwords through a process called hashing using a function known as bcrypt, which replaces the actual password with a random set of numbers and letters that are stored in Twitter's system,” reads the Twitter blog post. “Due to a bug, passwords were written to an internal log before completing the hashing process. We found this error ourselves, removed the passwords, and are implementing plans to prevent this bug from happening again.”

The vulnerability does not appear to have been misused by cyber criminals nor have Twitter's systems been breached or misused to access these plaintext passwords. However, because the blog post seems to encourage all Twitter users to change their passwords, it is believed that the number of potentially affected accounts is significant, and the vulnerability may have been present for months before it was detected.

“Out of an abundance of caution,” the social network strongly advises users to immediately change their account passwords, while also enabling two-factor authentication for additional security. Twitter also emphasizes that the vulnerability has been addressed, while apologizing for the incident.

“We have fixed the bug, and our investigation shows no indication of breach or misuse by anyone,” reads the blog post. “We are very sorry this happened. We recognize and appreciate the trust you place in us, and are committed to earning that trust every day.”

Twitter is the second company this week to reveal the existence of a “bug” in its password management systems, with GitHub announcing a similar vulnerability just days ago. From their description and warning to users, the two companies seem to have experienced the same type of password security issue.
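The failure mode described above, a handler that writes the request to a log before the password reaches the hashing step, is shown below as an added example; it is not Twitter's or GitHub's code. The field names, the `signup` handler and the sample credentials are assumptions, and PBKDF2 from the standard library stands in for bcrypt so the block runs without third-party packages.

```python
import hashlib
import io
import logging
import os

SENSITIVE_KEYS = {"password", "new_password", "passwd"}  # assumed field names

def _scrub(value):
    """Return a copy of value with sensitive dict fields masked (recursively)."""
    if isinstance(value, dict):
        return {k: "[REDACTED]" if str(k).lower() in SENSITIVE_KEYS else _scrub(v)
                for k, v in value.items()}
    return value

class RedactSecrets(logging.Filter):
    """Safety net: mask secrets in log arguments before any handler formats them."""
    def filter(self, record):
        if isinstance(record.args, dict):       # logging unwraps a lone dict argument
            record.args = _scrub(record.args)
        elif isinstance(record.args, tuple):
            record.args = tuple(_scrub(a) for a in record.args)
        return True                             # keep the record, now scrubbed

def hash_password(password: str) -> bytes:
    # Stand-in for bcrypt: salted PBKDF2-HMAC-SHA256 (stdlib only).
    salt = os.urandom(16)
    return salt + hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

def signup(logger, payload):
    # The bug pattern: the raw payload is logged before hashing happens.
    logger.info("signup request: %s", payload)
    return hash_password(payload["password"])

def run(with_filter: bool) -> str:
    """Run one constructed signup and return what reached the log."""
    buf = io.StringIO()
    logger = logging.getLogger(f"demo.signup.{with_filter}")
    logger.setLevel(logging.INFO)
    logger.propagate = False
    logger.handlers = [logging.StreamHandler(buf)]
    logger.filters = [RedactSecrets()] if with_filter else []
    signup(logger, {"username": "alice", "password": "hunter2-constructed"})
    return buf.getvalue()

if __name__ == "__main__":
    print("without filter:", run(False), end="")
    print("with filter:   ", run(True), end="")
```

The filter is a backstop for logging calls nobody reviewed; the primary fix is still not to pass credential-bearing objects to the logger at all.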
