Bug Alert! All 330 Million Twitter Users Need to Change Their Passwords Immediately

Tweet, tweet! No, that’s not a bird you’re hearing outside your window, that’s Twitter kindly reminding you to change your password immediately. And that goes for every single user, as it was discovered just today, on World Password Day no less, that all 330 million Twitter users need to change their passwords to their accounts after a bug exposed them in plain text.

So, how did this exactly happen? According to Twitter, this vulnerability came about due to an issue within the hashing process that masks passwords. This process is supposed to mask these passwords by replacing them with a random string of characters that get stored on Twitter’s system. However, an error occurred during this process that caused these passwords to be saved in plain text to an internal log.

This news first came to light via a company blog, as Twitter confirmed that “we found this error ourselves, removed the passwords, and are implementing plans to prevent this bug from happening again.” So far, Twitter has not revealed how many users’ passwords may have been potentially compromised or how long the bug was exposing passwords before the issue was discovered – which is precisely why the company has advised every user to change their password just in case.

Read more at McAfee

The Government Technology & Services Coalition's Homeland Security Today (HSToday) is the premier news and information resource for the homeland security community, dedicated to elevating the discussions and insights that can support a safe and secure nation. A non-profit magazine and media platform, HSToday provides readers with the whole story, placing facts and comments in context to inform debate and drive realistic solutions to some of the nation’s most vexing security challenges.

Leave a Reply

Latest from Cybersecurity

SIGN UP NOW for FREE News & Analysis on topics of your choice across homeland security!

BEYOND POLITICS.  IT'S ABOUT THE MISSION. 

Go to Top
Malcare WordPress Security