Late Thursday night, Twitter started urging users to change their passwords. This comes after the recent discovery of a bug that stored passwords unmasked in an internal log. Twitter, a micro-blogging site with around 336 million users, has updated a blog post explaining the bug and has also tweeted from the Twitter Support account.
Parag Agrawal, Twitter’s chief technology officer, in a blog update, explains, “We mask passwords through a process called hashing using a function known as bcrypt, which replaces the actual password with a random set of numbers and letters that are stored in Twitter’s system. This allows our systems to validate your account credentials without revealing your password. This is an industry standard. Due to a bug, passwords were written to an internal log before completing the hashing process. We found this error ourselves, removed the passwords, and are implementing plans to prevent this bug from happening again.”
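One common safeguard against this class of bug is to scrub credential fields inside the logging layer, so a stray log call cannot write a plaintext password. The sketch below is an added example, not Twitter's code; the page does not describe Twitter's logging pipeline, so the key list, the logger name, and the sample log lines are all constructed assumptions.

```python
import logging
import re

# Assumed field names that may carry credentials (not taken from the page).
SENSITIVE_KEYS = ("password", "passwd", "pwd", "secret", "token")
_KEYS = "|".join(SENSITIVE_KEYS)
# Matches key=value, key: value and JSON-style "key": "value" pairs.
_KV = re.compile(
    r"""\b(%s)\b(["']?\s*[=:]\s*)("[^"]*"|'[^']*'|[^\s,;&}]+)""" % _KEYS,
    re.IGNORECASE,
)


class RedactSecrets(logging.Filter):
    """Replace the value of any sensitive key before the record is emitted."""

    def filter(self, record):
        # Render the message with its arguments first, so secrets passed
        # as %-style arguments are covered as well as literal text.
        rendered = record.getMessage()
        record.msg = _KV.sub(r"\1\2[REDACTED]", rendered)
        record.args = None
        return True


class ListHandler(logging.Handler):
    """Collects formatted lines in memory in place of a real log sink."""

    def __init__(self):
        super().__init__()
        self.lines = []

    def emit(self, record):
        self.lines.append(self.format(record))


def demo():
    logger = logging.getLogger("signup-demo")  # hypothetical logger name
    logger.setLevel(logging.INFO)
    logger.propagate = False
    handler = ListHandler()
    handler.addFilter(RedactSecrets())
    logger.handlers = [handler]
    # Constructed log calls that would otherwise leak a plaintext password.
    logger.info("signup request user=%s password=%s", "alice", "hunter2-constructed")
    logger.info('login body: {"user": "bob", "password": "s3cret value"}')
    return handler.lines


if __name__ == "__main__":
    print("\n".join(demo()))
```

Pattern-based redaction is a backstop only: it misses secrets logged under unexpected field names, so it complements rather than replaces keeping plaintext passwords out of log calls in the first place.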
Twitter claims it has fixed the bug and states that the investigation showed no indication of breach or misuse by anyone. Yet, Twitter is asking users to change their passwords on all services where they have used the same password.
Users are being prompted to change their password when they launch the Twitter app or log in to their Twitter account. If no prompt appears, the password can be changed from the ‘Login and Security’ option under ‘Settings and Accounts’ in the Twitter account.
Users can also enable login verification, a form of two-factor authentication that additionally requires entering a code received on the mobile phone.
Agrawal apologised in the post, saying, “We are very sorry this happened. We recognize and appreciate the trust you place in us, and are committed to earning that trust every day.”