Uh, Maybe Change Your Passwords — Twitter to Everyone

Posted May 04, 2018

Essentially, the bug that they have found unmasks the users' passwords that are stored in a hidden internal log that is normally encrypted and can not be viewed by employees.

To change your Twitter account's password, navigate to Settings and privacy Password. While Twitter asserts that there's no evidence that the information was leaked or misused, it strongly suggests that everybody changes their password right now. Of course, this means that logging in will take longer than it would when only using a simple password.

The San Francisco company says it masks, or encrypts, passwords by replacing them with a random set of numbers and letters. If the system is operating correctly, account credentials are accessed without actually revealing the password.

However, due to a bug, the passwords were written to an internal log before completing the hashing process.

Twitter has issued a warning to its 330 million users, urging them to change their passwords. Usually this kind of information is kept masked/encrypted, but unfortunately in Twitter's case, a bug might have led to passwords being unmasked.

Juventus gain crucial title edge after late fightback downs Inter
But Milan Skriniar turned the ball into his own net after 87 minutes with Gonzalo Higuain heading in the victor two minutes later. That result shrunk Juve's lead to just one point with four games remaining, and two tough trips to Roma and Inter still to come.

Make sure your password is one that you don't use elsewhere, and one that isn't easily guessable (no password123 lads). It is required that you link the Twitter account to a phone because of that. Either both companies had simply misconfigured their systems, or perhaps there is an issue in an underlying software library or component used by both companies (and likely others).

The good news is the bug has been fixed and Twitter does not believe a breach has occurred.

The US Federal Trade Commission, which investigates companies accused of deceptive practices related to data security, declined comment on the password glitch. Users are urged to change the passwords they use on the site, in addition to anywhere else they may have used it, such as management suite TweetDeck, HootSuite, and other third-party Twitter apps.

Enable login verification, also known as two factor authentication.

The posting goes on to say that users should change their passwords on Twitter and anywhere else they'd use their Twitter passwords, and that the replacement password should be strong and unique.