Microblogging site Twitter has urged its more than 330 million users to change their passwords following a bug that stored passwords unmasked in an internal log.
Twitter has disclosed the issue in a blog post and a series of Tweets, saying that it has resolved the problem and that its internal investigation has shown no indication of breach or misuse by anyone.
Twitter, however, has urged all users to consider changing their passwords. You can change your Twitter password by going to the password settings page.
Twitter CTO Parag Agrawal has shared some tips on account security in a blog post that can help keep your account safe:
Change your password on Twitter and on any other service where you may have used the same password.
Use a strong password that you don’t reuse on other websites.
Enable login verification, also known as two factor authentication. This is the single best action you can take to increase your account security.
Use a password manager to make sure you’re using strong, unique passwords everywhere.
All about the Bug
Agrawal has explained the bug in detail in his blog post.
He wrote, “We mask passwords through a process called hashing using a function known as bcrypt, which replaces the actual password with a random set of numbers and letters that are stored in Twitter’s system. This allows our systems to validate your account credentials without revealing your password. This is an industry standard.”
“Due to a bug, passwords were written to an internal log before completing the hashing process. We found this error ourselves, removed the passwords, and are implementing plans to prevent this bug from happening again,” he added.
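The class of bug described above, a plaintext password reaching a logger before it is hashed, can be contained with a redaction filter on the log handler. The following is an added example, not Twitter's code: the handler, field names and sample form are constructed, and PBKDF2 from the Python standard library stands in for bcrypt so it runs without third-party packages.

```python
import hashlib, hmac, io, logging, os, re

# Matches key=value, key: value and 'key': 'value' pairs whose key names a secret.
SECRET_RE = re.compile(
    r"""(?i)(["']?[\w-]*(?:password|passwd|pwd|secret|token)[\w-]*["']?\s*[=:]\s*)"""
    r"""("[^"]*"|'[^']*'|[^\s,&;}]+)""")

class RedactSecrets(logging.Filter):
    """Mask secret values after formatting, so %-style arguments are covered too."""
    def filter(self, record):
        record.msg = SECRET_RE.sub(r"\1[REDACTED]", record.getMessage())
        record.args = None          # message is already formatted
        return True

def hash_password(password, salt=None):
    # Stand-in for bcrypt: salted PBKDF2-HMAC-SHA256 (assumed parameters).
    salt = salt or os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)
    return salt, digest

def verify_password(password, salt, digest):
    # Constant-time comparison of the recomputed hash with the stored one.
    return hmac.compare_digest(hash_password(password, salt)[1], digest)

def signup_demo(form):
    """Constructed sign-up handler that logs the raw form before hashing."""
    stream = io.StringIO()
    handler = logging.StreamHandler(stream)
    handler.addFilter(RedactSecrets())       # filter on the handler sees every record
    log = logging.getLogger("signup_demo")
    log.handlers, log.propagate = [handler], False
    log.setLevel(logging.INFO)
    log.info("signup request: %s", form)     # the mistake: plaintext reaches the logger
    salt, digest = hash_password(form["password"])
    log.info("stored user=%s password=%s", form["username"], form["password"])
    return stream.getvalue(), salt, digest

if __name__ == "__main__":
    # Constructed sample input.
    out, salt, digest = signup_demo({"username": "alice", "password": "s3cr3t-Example!"})
    print(out)
```

Pattern-based redaction is a safety net only: an unquoted value containing spaces would be masked up to the first space, so the primary control remains never passing the raw password to the logger.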