Twitter asks users to change passwords after uncovering unmasked password logs
Twitter asks users to change passwords after uncovering unmasked password logs
Twitter has released a blog post where they recommend that their users change their passwords after discovering that their password hashing process had a bug which created unencrypted log files, allowing passwords to be read by those with access to Twitter servers. These files would have catastrophic consequences if they made it into the wrong hands, though thankfully this bug was discovered in a recent security sweep and not in the aftermath of a 3rd party hack.Â
After investigating the issue, Twitter has concluded that these files have not been breached by misused by anyone, making it unlikely that this list of passwords has been stolen. Even so, Twitter recommends that their users change their passwords to prevent any potential issues.Â
Twitter has already addressed the issue with their password hashing process, which should prevent this issue from occurring in the future. In their blog, Twitter also recommends that their users activate their “login verification” system, a form of two-factor authentication.Â
Â
   When you set a password for your Twitter account, we use technology that masks it so no one at the company can see it. We recently identified a bug that stored passwords unmasked in an internal log. We have fixed the bug, and our investigation shows no indication of breach or misuse by anyone.
Out of an abundance of caution, we ask that you consider changing your password on all services where you’ve used this password. You can change your Twitter password anytime by going to the password settings page.
Â
You can join the discussion on Twitter’s unmasked password logs on the OC3D Forums. Â