This night, Twitter issued a security warning, which recommended 336 million of its users to change passwords. It turned out that due to an obvious error, some codes were kept unprotected in the internal journal. However, there seemed to be no major leaks. It seems to be. The company disclosed the problem in the official blog and tweets of Twitter support. CEO Jack Dorsey and the official Twitter Support account retwined the message shortly after its release, and CTO Paragu Agraval apologized.
Full details are not known, but Twitter says that the newly discovered bug allowed users to store passwords in the internal log without protection, or a mask, a hashing bcrypt process. The industry standard security protocol replaces the password phrase with random numbers and letters, but its absence leads to the fact that Twitter logs passwords in text form.
The social network has already fixed the glitch and is working on introducing guarantees to prevent similar incidents in the future.
We are sharing this information to help people make an informed decision about their account security. We did not have to, but believe it.
- Parag Agrawal (@paraga)
How long the bug remained unnoticed and how many passwords were touched, it is not known, but the company believes that confidential information did not leave the internal servers and was not collected by intruders.
As a precautionary measure, Twitter encourages users to reset their passwords on Twitter and other services that use the same passwords. The company also proposes the use of two-factor authentication and password manager.
The article is based on materials .
Comments
Post a Comment