Twitter advising its users to change passwords after bug found

May 4 2018, 5:00 pm

Twitter is asking its users to change their passwords after the social media giant found a bug in their system.

According to CTO Parag Agrawal, Twitter identified “a bug that stored passwords unmasked in an internal log. We have fixed the bug, and our investigation shows no indication of breach or misuse by anyone.”

Agrawal added that “out of an abundance of caution, we ask that you consider changing your password on all services where you’ve used this password.”

Generally, Twitter masks passwords through a process called hashing, using a function known as bcrypt, which Agrawal said replaces the actual password with a random set of numbers and letters that are stored in Twitter’s system.

“This allows our systems to validate your account credentials without revealing your password. This is an industry standard,” he said in a blog post.

But due to a bug, passwords were written to an internal log before completing the hashing process.

“We found this error ourselves, removed the passwords, and are implementing plans to prevent this bug from happening again,” said Agrawal.

While Twitter seems to have a handle on the problem, some think they are underplaying how big this issue is.

“This is not a breach. It’s significantly worse,” tweeted Phil Libin, Co-founder and CEO of AI startup All Turtles.

Twitter users can change their passwords by going to the password settings page.

See also
Daily Hive StaffDaily Hive Staff

+ News
+ Tech