Twitter users to change their password over bug in system
Twitter users to change the password of their account.
The microblogging site Twitter cautioned its users on Thursday, saying it had detected a bug in its system that stored passwords “unmasked in an internal log”, and that each user should change their password as a precaution, though there is no impending danger.
“When a password is set for a Twitter user account, we use technology that masks it so no one at the company can view it. We recently identified a bug that stored passwords unmasked in an internal log. We have fixed the bug, and our investigation shows no indication of breach or misuse by anyone,” Twitter wrote in a blog post on Thursday, May 3.
The social media network asked its users to change the password on all services where they have used the same password.
The password can easily be changed at any time by going to the password settings page.
What is the bug
Twitter says it masks passwords through a “hashing” process using the “bcrypt” function, “which does not show the user’s actual password but changes it to a random set of numbers and letters”. These masked passwords are what is stored in Twitter’s database.
“This allows our system not to reveal your password even while validating it. This is an industry standard,” Twitter CTO Parag Agrawal wrote on the blog.
In the present case, the bug caused passwords to be written to an internal log before the hashing process was completed. “We found this error ourselves, detached the passwords, and are implementing plans to stop this bug from occurring again,” Agrawal also wrote.
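The failure described above, a password reaching a log before it is hashed, and one common safeguard against it are shown in the added example below, which is not Twitter's code. The field names, the logger setup and the use of PBKDF2 as a standard-library stand-in for bcrypt are assumptions made for illustration.

```python
import hashlib, hmac, logging, os

SENSITIVE_KEYS = {"password", "new_password"}  # assumed form field names

class RedactSecrets(logging.Filter):
    """Mask sensitive values in a dict log argument before any handler sees it."""
    def filter(self, record):
        if isinstance(record.args, dict):
            # Build a new dict so the caller's form is left intact for hashing.
            record.args = {k: "[REDACTED]" if k in SENSITIVE_KEYS else v
                           for k, v in record.args.items()}
        return True

class ListHandler(logging.Handler):
    """Collects formatted messages in memory, standing in for an internal log."""
    def __init__(self):
        super().__init__()
        self.lines = []
    def emit(self, record):
        self.lines.append(record.getMessage())

def hash_password(password, salt=None):
    # Stand-in for bcrypt (not in the standard library): salted PBKDF2-HMAC-SHA256.
    salt = salt or os.urandom(16)
    return salt, hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)

def verify_password(password, salt, digest):
    return hmac.compare_digest(hash_password(password, salt)[1], digest)

def set_password(form, log, db):
    log.info("set_password request: %s", form)  # logged before hashing happens
    db[form["user"]] = hash_password(form["password"])  # only salt + hash stored

def run_demo(redact):
    log = logging.getLogger(f"demo.redact.{redact}")
    log.setLevel(logging.INFO)
    log.propagate = False
    handler = ListHandler()
    log.addHandler(handler)
    if redact:
        log.addFilter(RedactSecrets())
    db = {}
    form = {"user": "alice", "password": "correct horse battery staple"}  # constructed
    set_password(form, log, db)
    return handler.lines, db, form

if __name__ == "__main__":
    for redact in (False, True):
        print(redact, run_demo(redact)[0])
```

Without the filter, the captured log line contains the plaintext password even though the database only ever holds the salt and hash; with the filter attached, the same log call records `[REDACTED]` and password validation still works.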
How to secure your account
While Twitter says it has no reason to believe the unmasked passwords ever left Twitter’s systems or were misused, it is better to be on the safe side. Here is what it suggests you can do to keep your account safe.
- Change your password on Twitter and on any other service where you may have used the same password.
- Use a strong password that you don’t reuse on any other website.
- Enable two-factor authentication for login verification.
- You can consider using a password manager to ensure you are using strong, unique passwords everywhere.