This article has been assessed not ready for publication.
Please see the review comments on the collaboration page.
Friday, May 4, 2018
Social media giant Twitter Inc urged its users to change their passwords after it discovered a glitch that caused some passwords to be stored in readable text on its internal computer system rather than protected by a process known as “hashing”.
Twitter’s chief technology officer Parag Agrawal disclosed the issue on Thursday afternoon, saying the company had resolved the problem and that an internal investigation had found no indication that passwords were stolen or misused by insiders. Still, the company urged all users to consider changing their passwords.
“It’s a bad thing and Twitter should be held to the fire for it,” said David Kennedy, CEO of the penetration testing firm TrustedSec, in an interview with WIRED. “But they are taking the right steps by requesting everyone change their password and making the bug public versus hiding it.”
Twitter has begun notifying both mobile and desktop users to change their passwords, but several people have reported errors and lags, presumably because everyone is trying to make account changes at once.
“I’m sorry that this happened,” Agrawal wrote on Twitter after posting the announcement. “We are sharing this information to help people make an informed decision about their account security. We didn’t have to, but believe it’s the right thing to do.” The disclosure came on World Password Day.
Twitter declined to elaborate on how long the plaintext passwords were exposed, or why the company decided not to reset all user passwords, but it seems to have acted in good faith to resolve the issue.