A bug in Twitter's system has allowed users' passwords to be exposed in plaintext.
Twitter urges users to change their passwords now.
By Ken Manbert Salcedo, International Business Times
Twitter has alerted all of its users to change their passwords
immediately. Twitter said that its users’ passwords were exposed in
plaintext due to a bug in its systems.
“We recently found a bug
that stored passwords unmasked in an internal log. We fixed the bug and
have no indication of a breach or misuse by anyone,” the company said
via its Twitter Support account. “As a precaution, consider changing your password on all services where you’ve used this password.”
Twitter
uses the bcrypt hashing function to store mathematical representations
of users’ passwords. This enables Twitter’s systems to validate users’
account credentials without having to see their actual passwords since
they are represented by a random set of numbers and letters.
Unfortunately, a coding bug in Twitter’s systems caused those passwords
to be shown in plaintext in an internal log before completing the
hashing process, Twitter’s chief technology officer Parag Agrawal
explained in a blog post.
“We
are sharing this information to help people make an informed decision
about their account security. We didn’t have to, but believe it’s the
right thing to do,” Agrawal said on his personal Twitter account. “I’m sorry that this happened, but am proud to work at a company that puts people who use our service first.”
Twitter isn’t actually the only site that was affected by this kind of bug. ArsTechnica pointed out that GitHub suffered the same fate with a similar bug earlier this week.
Twitter
doesn’t believe that any password information ever left the company’s
systems or that any password was misused by anyone. However, the company urges
all users to take necessary steps to make sure that their accounts are
safe.
The easiest and quickest way for users to prevent any
problems is to change their passwords. This can be done by going to
Twitter’s “Settings & Privacy” page and clicking on “Password.” Users
will be prompted to enter their current password and enter their new
password twice. On iOS and Android, users will have to go to the
“Settings & Privacy” page, tap on “Account” and tap on “Change
password.” It’s best to use a strong password that the user isn’t
already using on other websites.
Users also have the option to add
two-factor verification to have an extra layer of protection for their
accounts. On Twitter, this feature is called “Login verification” and
it’s located in the “Settings & Privacy” page under “Account.” Login
verification is located in the “Security” page in “Account” on the iOS
and Android apps.
Login verification will require users to provide
their mobile phone number. Once this has been set up, every time the
user logs in to Twitter, they will receive a verification code via SMS
text message. Users will have to enter that code in order to completely
log in to their Twitter account.