Twitter urging every user to change password after glitch

Adjust Comment Print

Twitter is urging its users, all 330-some million of them, to change their passwords immediately after a glitch caused the passwords to be stored in readable format in the company's internal computer system, rather than an encrypted version.

The social media giant says it recently discovered a bug that saved user passwords on an internal log without proper encryption.

Twitter's chief technology officer Parag Agrawal explained in a blog post that Twitter uses the bcrypt hashing function to store mathematical representations of users' passwords. There's no indication that anyone's passwords have been stolen or misused, but in the interest of safety, Twitter is recommending everyone change their passwords.

Password security authority Per Thorsheim told the BBC that the chance of "passwords (or failed passwords) getting logged, in plain text logs available for staff or in worst case, complete strangers, is well known". "This allows our systems to validate your account credentials without revealing your password".

The company also said it is taking steps to ensure the bug does not happen again.

Automotive industry giants to launch blockchain research group MOBI
Shortly after MOBI was announced, the IOTA foundation released a statement saying that they were also joining the automotive consortium.

A bug discovered by Twitter left everyone's password exposed, but the company has not found any evidence of a breach.

According to the platform, the easiest and quickest way for users to prevent any problems is to change their passwords. "This is an industry standard", wrote Agrawal. As a precaution, consider changing your password on all services where you've used this password'.

Security expert Per Thorsheim, who regularly advises firms about the best password practices, said Twitter should be "applauded for its transparency".

Mr Cluley said enabling two-factor authentication that adds another ID check to login attempts would help "harden" accounts.