Twitter asks 330m users to change passwords due to security bug

Forum Moderators: not2easy & rumbas

Message Too Old, No Replies

Twitter asks 330m users to change passwords due to security bug

tangor

9:11 pm on May 3, 2018 (gmt 0)

Twitter Inc. TWTR, +0.39% said late Thursday that it had located a bug that stored its more than 330 million user passwords unmasked in an internal log, but had found no evidence of breach or misuse by anyone. Twitter stock was down more than 1% after hours, and closed up a fraction to $30.67 during regular trading. In a blog post, Twitter said that it recommended its users change their passwords on the service and any others that use the same password. "Due to a bug, passwords were written to an internal log before completing the hashing process," the company's Chief Technology Officer Parag Agrawal wrote in the blog post. "We found this error ourselves, removed the passwords, and are implementing plans to prevent this bug from happening again." After logging two profitable quarters, Twitter stock has gained 27% this year as the benchmark S&P 500 index SPX, -0.23% fell 1.4%.

[marketwatch.com...]

Full report, link included for credit

keyplyr

12:20 am on May 4, 2018 (gmt 0)

[webmasterworld.com...]

tangor

12:59 am on May 4, 2018 (gmt 0)

What does selling user data have to do with changing passwords because T had an error in their programming?

keyplyr

1:06 am on May 4, 2018 (gmt 0)

IMO it clearly shows Twitter has no authentic concern for user privacy/safety and only presents itself as such when doing so is beneficial to its image.

tangor

1:20 am on May 4, 2018 (gmt 0)

Twitter Admits All Passwords Visible to Employees Due to �Bug�
Social media company Twitter has advised users to change their account passwords after it was discovered that a bug resulted in user passwords being stored in an insecure manner.

In a blog post titled �Keeping your account secure,� company CTO Parag Agrawal explained that the platform utilizes software that masks user passwords, preventing anyone at the company from viewing them. But due to a bug, all user passwords were stored in plaintext in an internal log. Agarwal says that they have investigated and fixed the bug and so far have found no signs of misuse or breach of user data.

[breitbart.com...]

More info ... company employees had access to T passwords, though claim no harm found.

RhinoFish

11:31 pm on May 4, 2018 (gmt 0)

If you don't use unique passwords, this should be a reminder of the security issue you have open.
:-)

Travis

3:36 pm on May 5, 2018 (gmt 0)

I still see sites, which , when you forget your password, propose to email it to you. I don't mean a temporary password, no no , they still propose to email you , your password. So it means the password is stored in plain text , or eventually, in a reversible encryption format. And they can email it to you , in plain text, with anyone being able to intercept it ...

keyplyr

10:04 pm on May 5, 2018 (gmt 0)

Twitter is now making me sign-in every time I open its page.

topr8

10:29 pm on May 5, 2018 (gmt 0)

>>Twitter is now making me sign-in every time I open its page.

ah, that's not universal, they are not doing that with me.

for reference: i only use twitter from a windows 10 computer on a fixed ip address using vivaldi/chrome browser - if this makes a difference

keyplyr

1:00 am on May 6, 2018 (gmt 0)

i only use twitter from a windows 10 computer on a fixed ip address using vivaldi/chrome browser - if this makes a difference

As am I.

piatkow

4:44 pm on May 7, 2018 (gmt 0)

Twitter is now making me sign-in every time I open its page.

Me too

keyplyr

3:04 am on May 8, 2018 (gmt 0)

Twitter is only asking me to sign in every time I access their site from desktop.

Mobile does not do this, never has... and I don't use any of the Twitter apps.

piatkow

4:34 pm on May 9, 2018 (gmt 0)

Had no problem on mobile and now staying logged in on desktop. However a couple of forums stopped staying logged in so I don't know if it was all down to some other update on my laptop.