Twitter alerts users after squashing password revealing internal bug

The company is advising users to reset their passwords 'in the interests of caution'

Twitter users are being warned to update their passwords after the company identified a flaw in its systems that could have allowed staff at the company to view them in plaintext form.

In an email sent to users, the social network explained that it had fixed the bug in question, and that its internal investigation "shows no indication of breach or misuse by anyone". However, in the interests of safety, Twitter is advising users to change their passwords just in case.

Twitter users' passwords are encrypted using the bcrypt hashing function, a widely-used encryption algorithm that is among the most secure options available. However, an error in Twitter's implementation of bcrypt could have potentially exposed users if left unchecked.

Advertisement - Article continues below

"Due to a bug, passwords were written to an internal log before completing the hashing process," the company wrote in an email to users. "We found this error ourselves, removed the passwords, and are implementing plans to prevent this bug from happening again."

"We are very sorry this happened. We recognise and appreciate the trust you place in us, and are committed to earning that trust every day."

It's rare for large companies to be so pro-active about notifying customers of a potential security issue - particularly if it appears that no-one was affected. Most major hacks - including infamous incidents affecting Yahoo, TalkTalk and others - only come to light when evidence of the breach is discovered by a third party.

Advertisement
Advertisement - Article continues below

However, Twitter's behaviour is set to become the new norm. Once the new GDPR rules come into force later this month, companies will be bound by law to alert both customers and regulatory authorities in the event of a breach affecting customers' personal data, with stiff penalties for failing to do so.

Featured Resources

Top 5 challenges of migrating applications to the cloud

Explore how VMware Cloud on AWS helps to address common cloud migration challenges

Download now

3 reasons why now is the time to rethink your network

Changing requirements call for new solutions

Download now

All-flash buyer’s guide

Tips for evaluating Solid-State Arrays

Download now

Enabling enterprise machine and deep learning with intelligent storage

The power of AI can only be realised through efficient and performant delivery of data

Download now
Advertisement

Recommended

Visit/security/355013/10-quick-tips-to-identifying-phishing-emails
Security

10 quick tips to identifying phishing emails

16 Mar 2020
Visit/business-strategy/mergers-and-acquisitions/354941/panda-security-to-be-acquired-by-watchguard
mergers and acquisitions

Panda Security to be acquired by WatchGuard

9 Mar 2020
Visit/marketing-comms/social-media/354837/twitter-bans-70-pro-bloomberg-accounts
social media

Twitter bans 70 pro-Bloomberg accounts

23 Feb 2020
Visit/security/internet-security/354417/avast-and-avg-extensions-pulled-from-chrome
internet security

Avast and AVG extensions pulled from Chrome

19 Dec 2019

Most Popular

Visit/software/video-conferencing/355138/zoom-beaming-ios-user-data-to-facebook-for-targeted-ads
video conferencing

Zoom beams iOS user data to Facebook for targeted ads

27 Mar 2020
Visit/infrastructure/server-storage/355118/hpe-warns-of-critical-bug-that-destroys-ssds-after-40000-hours
Server & storage

HPE warns of 'critical' bug that destroys SSDs after 40,000 hours

26 Mar 2020
Visit/software/355113/companies-offering-free-software-to-fight-covid-19
Software

These are the companies offering free software during the coronavirus crisis

25 Mar 2020
Visit/mobile/mobile-phones/355088/apple-lifts-iphone-purchase-restrictions
Mobile Phones

Apple lifts iPhone purchase restrictions

23 Mar 2020