Twitter alerts users after squashing password revealing internal bug

The company is advising users to reset their passwords 'in the interests of caution'

Twitter users are being warned to update their passwords after the company identified a flaw in its systems that could have allowed staff at the company to view them in plaintext form.

In an email sent to users, the social network explained that it had fixed the bug in question, and that its internal investigation "shows no indication of breach or misuse by anyone". However, in the interests of safety, Twitter is advising users to change their passwords just in case.

Twitter users' passwords are encrypted using the bcrypt hashing function, a widely-used encryption algorithm that is among the most secure options available. However, an error in Twitter's implementation of bcrypt could have potentially exposed users if left unchecked.

"Due to a bug, passwords were written to an internal log before completing the hashing process," the company wrote in an email to users. "We found this error ourselves, removed the passwords, and are implementing plans to prevent this bug from happening again."

Advertisement
Advertisement - Article continues below
Advertisement - Article continues below

"We are very sorry this happened. We recognise and appreciate the trust you place in us, and are committed to earning that trust every day."

It's rare for large companies to be so pro-active about notifying customers of a potential security issue - particularly if it appears that no-one was affected. Most major hacks - including infamous incidents affecting Yahoo, TalkTalk and others - only come to light when evidence of the breach is discovered by a third party.

However, Twitter's behaviour is set to become the new norm. Once the new GDPR rules come into force later this month, companies will be bound by law to alert both customers and regulatory authorities in the event of a breach affecting customers' personal data, with stiff penalties for failing to do so.

Featured Resources

What you need to know about migrating to SAP S/4HANA

Factors to assess how and when to begin migration

Download now

Your enterprise cloud solutions guide

Infrastructure designed to meet your company's IT needs for next-generation cloud applications

Download now

Testing for compliance just became easier

How you can use technology to ensure compliance in your organisation

Download now

Best practices for implementing security awareness training

How to develop a security awareness programme that will actually change behaviour

Download now
Advertisement

Recommended

Visit/security/internet-security/354417/avast-and-avg-extensions-pulled-from-chrome
internet security

Avast and AVG extensions pulled from Chrome

19 Dec 2019
Visit/security/354156/google-confirms-android-cameras-can-be-hijacked-to-spy-on-you
Security

Google confirms Android cameras can be hijacked to spy on you

20 Nov 2019
Visit/analytics/30201/how-to-use-twitter-analytics-start-sharing-like-the-pros
analytics

How to use Twitter analytics: start sharing like the pros

21 Feb 2019

Most Popular

Visit/policy-legislation/data-governance/354496/brexit-security-talks-under-threat-after-uk-accused-of
data governance

Brexit security talks under threat after UK accused of illegally copying Schengen data

10 Jan 2020
Visit/microsoft-windows/32066/what-to-do-if-youre-still-running-windows-7
Microsoft Windows

What to do if you're still running Windows 7

14 Jan 2020
Visit/operating-systems/microsoft-windows/354526/memes-and-viking-funerals-the-internet-reacts-to-the
Microsoft Windows

Memes and Viking funerals: The internet reacts to the death of Windows 7

14 Jan 2020
Visit/operating-systems/25802/17-windows-10-problems-and-how-to-fix-them
operating systems

17 Windows 10 problems - and how to fix them

13 Jan 2020