Twitter Advises 330 Million Users To Change Password After Internal Glitch

But this time, you really need to take immediate action.

Twitter's Agrawal, however, warns that the bug caused users' plaintext passwords to be written to a log before bcrypt completed the hashing process.

Twitter Inc urged its more than 330 million users to change their passwords after a glitch caused some to be stored in readable text on its internal computer system rather than be disguised by a process known as "hashing". Despite this, the social media network is still encouraging the password update as a precaution.
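The class of bug described above, and one guard against it, as an added Python example (not Twitter's code, and not a reconstruction of its bug). The logger name, the field names and the use of standard-library PBKDF2 in place of bcrypt are assumptions of this sketch.

```python
import hashlib
import io
import logging
import os
import re

# Key names treated as secret are an assumption; extend for your own schema.
SECRET = re.compile(
    r"""(?i)(password|passwd|pwd)(["']?\s*[=:]\s*)"""
    r"""("(?:[^"\\]|\\.)*"|'(?:[^'\\]|\\.)*'|[^\s,&}"']+)""")

class RedactSecrets(logging.Filter):
    """Backstop: mask secret values after %-formatting, before the handler writes."""
    def filter(self, record):
        record.msg = SECRET.sub(r"\1\2[REDACTED]", record.getMessage())
        record.args = None
        return True

def hash_password(password: str, salt: bytes) -> bytes:
    # PBKDF2 from the standard library stands in for bcrypt in this sketch.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)

def register(log: logging.Logger, form: dict) -> bytes:
    """Primary fix: hash first and log only named, non-secret fields."""
    salt = os.urandom(16)
    digest = hash_password(form["password"], salt)
    log.info("signup user=%s", form["username"])
    return salt + digest

def demo() -> str:
    """Send one leaky debug call and one safe call through the filter."""
    buf = io.StringIO()
    handler = logging.StreamHandler(buf)
    handler.addFilter(RedactSecrets())  # on the handler, so every record passes it
    log = logging.getLogger("signup-demo")
    log.setLevel(logging.DEBUG)
    log.propagate = False
    log.handlers = [handler]
    form = {"username": "alice", "password": "correct horse"}  # constructed input
    log.debug("signup request %s", form)  # logs the whole form, password included
    register(log, form)
    return buf.getvalue()

if __name__ == "__main__":
    print(demo(), end="")
```

Pattern-based redaction only catches the key names it knows, so it is a safety net behind the rule that request bodies and credential fields are never passed to a logger.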

"We recently found a bug that stored passwords unmasked in an internal log", stated a tweet from the official Twitter Support account. It's a bad habit, but we're nearly all guilty. If a hacker generates hashes of candidate passwords and one of them matches a stored hash - obtained during a data breach, for example - then the hacker knows the original password that produced it, meaning it's been "cracked".

So, yeah, this isn't a problem you can afford to ignore.

The advancements in technology have created a mobile world that can communicate, work and take care of business at the click of a mouse, a tap of a finger, a swipe of a device or a user's voice. "A prompt notification to all users may potentially indicate a certain degree of uncertainty about the integrity of the passwords".

"When in doubt, it is better to have people change passwords than to be wrong", Enderle said.

Reusing passwords is a really bad idea, and just makes life easy for online criminals.

While there has been no breach or misuse of the unmasked passwords, Twitter is recommending that all of its users change their passwords, including for third-party apps such as TweetDeck and Twitterrific.

It may also be a good idea to enable two-factor authentication - adding another layer of security that'll ensure your password isn't the only thing required to log in to your account.

If you want to be serious about password security, you should get yourself a decent password manager. Once you find one you like, you can upgrade to a paid subscription.