Story image

Twitter password glitch showcases 'extreme jumpiness' in digital sector

07 May 18

More than 330 million Twitter users are being urged to change their passwords after an internal system glitch caused the passwords to be exposed in a log file.

Twitter is careful to state that there is no evidence the passwords were stolen, left the company’s systems or misused in any way, but issued the warning to change passwords as a precaution.

“When you set a password for your Twitter account, we use technology that masks it so no one at the company can see it. We recently identified a bug that stored passwords unmasked in an internal log,” an email to users states.

The bug was due to a problem with password hashing. The process wrote passwords to an internal log before they were hashed.

“We mask passwords through a process called hashing using a function known as bcrypt, which replaces the actual password with a random set of numbers and letters that are stored in Twitter's system. This allows our systems to validate your account credentials without revealing your password. This is an industry standard,” the company says.

The incident comes as World Password Day was celebrated to raise awareness about the importance of password security.

Commenting on the incident, GlobalData’s service director of Global Telecom Consumer Services, Platforms and Devices, Emma Mohr-McClune, says:

“The episode is symptomatic of the extreme jumpiness in the digital industry sector right now. No one can afford another data breach scandal.  It also points to the need for social media platform leadership to think through their public communications and password change recommendation processes for all vulnerability scenarios.” 

“The fact that it existed at all triggered the kind of mass security warning most digital communications providers would prefer not to have to deliver at all, especially not while the Facebook data privacy scandal is still ongoing,” Mohr-McClune concludes.

Twitter says there are steps users can take to keep their accounts safe.  

1. Change your password on Twitter and on any other service where you may have used the same password.

2. Use a strong password that you don't reuse on other services.

3. Enable login verification, also known as two factor authentication. This is the single best action you can take to increase your account security.

4. Use a password manager to make sure you're using strong, unique passwords everywhere.

“We are very sorry this happened. We recognise and appreciate the trust you place in us, and are committed to earning that trust every day,” Twitter concludes.

How blockchain will impact NZ’s economy
Distributed ledgers and blockchain are anticipated to provide a positive uplift to New Zealand’s economy.
25% of malicious emails still make it through to recipients
Popular email security programmes may fail to detect as much as 25% of all emails with malicious or dangerous attachments, a study from Mimecast says.
Human value must be put back in marketing - report
“Digital is now so widely adopted that its novelty has worn off. In their attempt to declutter, people are being more selective about which products and services they incorporate into their daily lives."
Wine firm uses AR to tell its story right on the bottle
A Central Otago wine company is using augmented reality (AR) and a ‘digital first’ strategy to change the way it builds its brand and engages with customers.
DigiCert conquers Google's distrust of Symantec certs
“This could have been an extremely disruptive event to online commerce," comments DigiCert CEO John Merrill. 
Protecting organisations against internal fraud
Most companies tend to take a basic approach that focuses on numbers and compliance, without much room for grey areas or negotiation.
Telesmart to deliver Cloud Calling for Microsoft Teams
The integration will allow Telesmart’s Cloud Calling for Microsoft Teams to natively enable external voice connectivity from within Teams collaborative workflow environment.
Jade Software & Ambit take chatbots to next level of AI
“Conversation Agents present a huge opportunity to increase customer and employee engagement in a cost-effective manner."