Twitter Recommends Password Reset after Discovering Internal Bug

Randal Sanchez
May 4, 2018

A bug caused the passwords to be written to an internal computer log before the hashing process was completed, the blog said.

The bad news is, Twitter is still urging users to change the password associated with their Twitter account and, as a further precaution, any account where that same password may have been used.

The San Francisco-based social media company said it found a bug that "stored passwords unmasked in an internal log", according to a blog post from Chief Technology Officer Parag Agrawal.

Twitter uses the masked passwords to validate users' account credentials. "This is an industry standard".

But because of the bug, the password was stored in the internal log. Twitter spotted the problem, fixed the bug and deleted the stored passwords from the log.

Apparently Twitter is implementing plans to prevent this from happening again.

"We recognise and appreciate the trust you place in us, and are committed to earning that trust every day".

Another 17 percent reported issues with the Android app, while 10 percent reported issues with the iOS Twitter app. "We didn't have to, but believe it's the right thing to do".

The news parallels another incident earlier this week, where GitHub also disclosed that it had discovered a recently introduced bug exposing a small number of users' passwords in plain text. (But really, change your password.) Agrawal neglects to mention that we Twitter users didn't choose to have our passwords potentially compromised.

"I should not have said we didn't have to share". However, he then backtracked on his statement and said that he "felt strongly that we should". Two-factor authentication requires approval on a separate device or through a separate service once a password is entered and is widely regarded as one of the better methods through which users can secure login information and other data.

Another, easier way to keep your Twitter account safe is to enable two-step verification. Dictionary words are easily cracked, so it's a good idea to use a password manager and generator to create logins that use a combination of numbers, letters and other characters.

After entering your info, you'll see a small pop-up at the bottom of your screen letting you know your password has successfully been changed.

Now click "Account" and select "Set up login verification".
