Twitter has issued a statement urging all its 330 million users to change their password immediately because a bug has exposed them as plain text. While the companies internal investigation has proved that no data breach has occurred they are still asking its users to change the password of their accounts as soon as possible.
According to a report from the company, the bug occurred because of an issue in hashing algorithm which masks the password by replacing them with a fingerprint of that particular password. The process got disrupted because of a bug in the system which meant passwords were being saved in plaintext to an internal log. The company has claimed that it has found the bug and removed the buggy code. The company is also working to make sure that similar issues won’t pop up again.
The company hasn’t revealed how many numbers of users got affected but experts think that the bug has exposed a lot of passwords to the employees who have access to internal logs. But the fact that the company is urging its entire user base to change their passwords indicates that it would seem to be a significant number of users.
It is noted the number was “substantial” and that they were exposed for “several months”. Twitter caught the bug a few weeks ago and has reported it to some regulators, an insider told Reuters. Chief executive Jack Dorsey tweeted to say the “bug” had been fixed.
We recently discovered a bug where account passwords were being written to an internal log before completing a masking/hashing process. We’ve fixed, see no indication of breach or misuse, and believe it’s important for us to be open about this internal defect.
Twitter has also confirmed that the passwords have been stored only in the companies internal logs and these logs are not available to the public.
Take your time to comment on this article.