Twitter users told to change passwords after internal leak

Twitter’s 330 million users are being urged to change their passwords after some were exposed in plain text on its internal network.

An error in the way the passwords were handled meant some were stored in easily readable form, said Twitter.

The passwords should have been put through a procedure called “hashing”, which makes them very difficult to read.

Security experts said the way Twitter handled the potential breach was “encouraging”.

Substantial exposure

The bug caused the passwords to be stored on an internal computer log before the hashing process was completed.

In a blog post, the social network said that once the mistake was uncovered, it carried out an internal investigation, which found no indication passwords were stolen or misused by insiders.

However, it still urged all users to consider changing their passwords “out of an abundance of caution”.

Twitter did not say how many passwords were affected but it is understood the number was “substantial” and that they were exposed for “several months”.

Twitter discovered the bug a few weeks ago and has reported it to some regulators, an insider told Reuters.

Chief executive Jack Dorsey tweeted to say the “bug” had been fixed.

Independent security expert Graham Cluley said: “It’s quite encouraging that Twitter both found the problem internally, and informed its users quickly and transparently.

“Something similar just happened to Github and I wonder if Twitter’s discovery was caused by them asking: ‘Hey, see that Github problem? Do you think something like that could happen to us?’.”

[Image caption: Users receive a warning message when logging in to Twitter]

Security expert Per Thorsheim, who regularly advises firms about the best password practices, said Twitter should be “applauded for its transparency”.

“The problem they discovered is known since the dawn of logins with passwords,” he told the BBC. “The chance of passwords (or failed passwords) getting logged, in plain text logs available for staff or in worst case, complete strangers, is well known.”

Troy Hunt, who runs the Have I Been Pwned website, which logs breaches, said the error was not something that would worry him because there was no indication that the login passwords were seen outside the company.

Mr Hunt added: “We’ve certainly seen many precedents of simple flaws resulting in data breaches.

“The Red Cross Blood Service in Australia used an outsourcing provider who inadvertently published their entire database to a public web server resulting in Australia’s largest ever data breach,” he said.

All three experts urged users to act on Twitter’s advice and change their password.

Mr Cluley said enabling two-factor authentication, which adds another ID check to login attempts, would help “harden” accounts.
