Twitter warned its users on Thursday to change their passwords after it discovered that it had mistakenly stored them internally prior to fortifying them through a security technique, leaving the passwords vulnerable to hackers.
Parag Agrawal, Twitter’s chief technology officer, wrote in a blog post that users should also consider changing their passwords on other services if the passwords they used there were the same as on Twitter. The company also disclosed the password flaw in a regulatory filing on Thursday, indicating that the bug was serious enough to warrant more formal disclosure than a corporate blog post. Twitter has about 336 million users, according to its latest letter to shareholders.
Twitter CEO Jack Dorsey followed Agrawal’s post by tweeting that the company has “no indication of breach or misuse.” He added that the company warned users because “it’s important for us to be open about this internal defect.”
The software bug said to be responsible for the problem appears to be related to how the company secures user passwords through a security technique called hashing, Agrawal explained. Through the hashing technique, Twitter converts passwords into random assortments of numbers so that when users log in, Twitter can validate passwords without actually having to read them.
Because of the software bug, however, user passwords were written into an unspecified “internal log” before they could be converted into a series of numbers. As a result, user passwords were left vulnerable, although Twitter said no one appears to have improperly accessed the log.
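The failure mode described above, as an added Python example (not Twitter's code; the field names, logger names and the choice of scrypt are assumptions): a login handler logs the request body before hashing it, and a logging filter on the handler scrubs password fields so the log never holds the plaintext.

```python
import hashlib, hmac, io, logging, os

SENSITIVE = {"password", "new_password"}  # assumed form field names

class RedactSecrets(logging.Filter):
    """Scrub sensitive keys from dict-style log arguments before formatting."""
    def filter(self, record):
        if isinstance(record.args, dict):
            record.args = {k: "[REDACTED]" if k in SENSITIVE else v
                           for k, v in record.args.items()}
        return True

def hash_password(password, salt=None):
    """Salted scrypt hash; only (salt, digest) is ever stored."""
    salt = salt or os.urandom(16)
    digest = hashlib.scrypt(password.encode(), salt=salt, n=2**14, r=8, p=1)
    return salt, digest

def handle_login(form, stored, logger):
    # The defect: the whole request body reaches the log before hashing.
    logger.info("login attempt: %s", form)
    salt, expected = stored
    _, digest = hash_password(form["password"], salt)
    # Validate by comparing hashes, never by reading a stored password.
    return hmac.compare_digest(digest, expected)

def run_demo(redact):
    """Return (login_ok, captured_log_text) with or without the filter."""
    buf = io.StringIO()
    logger = logging.getLogger(f"demo.redact_{redact}")
    logger.setLevel(logging.INFO)
    logger.propagate = False
    handler = logging.StreamHandler(buf)
    if redact:
        handler.addFilter(RedactSecrets())
    logger.handlers = [handler]
    stored = hash_password("correct horse")  # constructed sample credential
    form = {"user": "alice", "password": "correct horse"}
    return handle_login(form, stored, logger), buf.getvalue()

if __name__ == "__main__":
    for redact in (False, True):
        ok, text = run_demo(redact)
        print(f"redact={redact} ok={ok} log={text.strip()}")
```

The filter only covers dict-style log arguments; a password interpolated into the message string before the logging call would still be written as-is, so handlers should avoid logging raw request bodies in the first place.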
Twitter Warns 336 Million Users to Change Their Passwords After Leaving Them Vulnerable to Hackers