8 May 2018

Twitter Urges Users To Change Their Password After Bug Discovered

Twitter has sent a notification to its users warning them of an internal software bug that have unintentionally exposed unmasked passwords by storing them in an internal log.
According to the Twitter CTO, Para Agrawal, Twitter uses the popular bcrypt function to hash passwords.

This replaces the actual passwords with a random set of numbers and letters which then allows Twitter's systems to validate user credentials without having to reveal passwords. This also masks the passwords from Twitter employees too.

"Due to a bug, passwords were written to an internal log before completing the hashing process.

We found this error ourselves, removed the passwords, and are implementing plans to prevent this bug from happening again", Twitter CTO, Agrawal said in a blog post.

However, Agrawal said the bug has been fixed and an investigation shows no indication of a breach or misuse by anyone.

"We have fixed the bug, and our investigation shows no indication of breach or misuse by anyone", Agrawal said.

He then suggested that Twitter users change their password on all services that they used that particular password on. And, enable two-factor verification authentication so as to increase account security.
Twitter has sent a notification to its users warning them of an internal software bug that have unintentionally exposed unmasked passwords by storing them in an internal log.
According to the Twitter CTO, Para Agrawal, Twitter uses the popular bcrypt function to hash passwords.

This replaces the actual passwords with a random set of numbers and letters which then allows Twitter's systems to validate user credentials without having to reveal passwords. This also masks the passwords from Twitter employees too.

"Due to a bug, passwords were written to an internal log before completing the hashing process.

We found this error ourselves, removed the passwords, and are implementing plans to prevent this bug from happening again", Twitter CTO, Agrawal said in a blog post.

However, Agrawal said the bug has been fixed and an investigation shows no indication of a breach or misuse by anyone.

"We have fixed the bug, and our investigation shows no indication of breach or misuse by anyone", Agrawal said.

He then suggested that Twitter users change their password on all services that they used that particular password on. And, enable two-factor verification authentication so as to increase account security.

No comments:

Post a Comment

Please Drop Your Comments, after dropping your comment, keep calm, it would take Just few seconds before it appears {°Live°}√

You Want to be notified when we reply your comment? Then tick the "Notify Me" Box.


Designed by Reks Rex Jacob