Twitter alerts users after squashing password revealing internal bug

The company is advising users to reset their passwords 'in the interests of caution'

Twitter users are being warned to update their passwords after the company identified a flaw in its systems that could have allowed staff at the company to view them in plaintext form.

In an email sent to users, the social network explained that it had fixed the bug in question, and that its internal investigation "shows no indication of breach or misuse by anyone". However, in the interests of safety, Twitter is advising users to change their passwords just in case.

Twitter users' passwords are encrypted using the bcrypt hashing function, a widely-used encryption algorithm that is among the most secure options available. However, an error in Twitter's implementation of bcrypt could have potentially exposed users if left unchecked.

"Due to a bug, passwords were written to an internal log before completing the hashing process," the company wrote in an email to users. "We found this error ourselves, removed the passwords, and are implementing plans to prevent this bug from happening again."

"We are very sorry this happened. We recognise and appreciate the trust you place in us, and are committed to earning that trust every day."

It's rare for large companies to be so pro-active about notifying customers of a potential security issue - particularly if it appears that no-one was affected. Most major hacks - including infamous incidents affecting Yahoo, TalkTalk and others - only come to light when evidence of the breach is discovered by a third party.

However, Twitter's behaviour is set to become the new norm. Once the new GDPR rules come into force later this month, companies will be bound by law to alert both customers and regulatory authorities in the event of a breach affecting customers' personal data, with stiff penalties for failing to do so.

Featured Resources

BIOS security: The next frontier for endpoint protection

Today’s threats upend traditional security measures

Download now

The role of modern storage in a multi-cloud future

Research exploring the impact of modern storage in defining cloud success

Download now

Enterprise data protection: A four-step plan

An interactive buyers’ guide and checklist

Download now

The total economic impact of Adobe Sign

Cost savings and business benefits enabled by Adobe Sign

Download now

Recommended

Twitter Hires New Cyber Security Chief After Devastating Breach
social media

Twitter Hires New Cyber Security Chief After Devastating Breach

1 Oct 2020
The ultimate guide to landing a cyber security career
Careers & training

The ultimate guide to landing a cyber security career

30 Sep 2020
8 of the most secure web browsers
web browser

8 of the most secure web browsers

25 Sep 2020
Your essential guide to internet security
Security

Your essential guide to internet security

23 Sep 2020

Most Popular

16 ways to speed up your laptop
Laptops

16 ways to speed up your laptop

16 Sep 2020
16 ways to speed up your laptop
Laptops

16 ways to speed up your laptop

16 Sep 2020
Nokia will replace Huawei as BT's largest 5G equipment provider
5G

Nokia will replace Huawei as BT's largest 5G equipment provider

29 Sep 2020