by Eric Lieberman
Twitter announced Thursday that a recently discovered “bug” left account passwords “unmasked” and thus vulnerable.
The company is now advising users of the platform to change their passwords “out of an abundance of caution.”
“I’d emphasize that this is related to our internal systems only, is not a breach and our investigation has shown that the information was not misused,” a spokeswoman for Twitter told The Daily Caller News Foundation. “Since this is true, we are not forcing a password reset but are presenting the information for people to make an informed decision about their account. We believe this is the right thing to do.”
Parag Agrawal, the CTO of Twitter, describes the situation further in a company blog post:
We mask passwords through a process called hashing using a function known as bcrypt, which replaces the actual password with a random set of numbers and letters that are stored in Twitter’s system. This allows our systems to validate your account credentials without revealing your password. This is an industry standard.
Due to a bug, passwords were written to an internal log before completing the hashing process. We found this error ourselves, removed the passwords, and are implementing plans to prevent this bug from happening again.
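The failure described in the blog post, a password reaching an internal log before it is hashed, can be guarded against at the logging layer. The following is an added example, not Twitter's code: a Python logging filter that redacts sensitive fields before any handler writes them. The field names, the sample request, and the use of standard-library PBKDF2 in place of bcrypt are assumptions.

```python
import hashlib
import io
import logging
import os

SENSITIVE_KEYS = {"password", "passwd", "new_password", "token"}  # assumed field names


class RedactSecrets(logging.Filter):
    """Replace sensitive values in dict-style log arguments before a handler emits them."""

    def filter(self, record):
        # logging unwraps a single mapping argument, so record.args is the dict itself.
        if isinstance(record.args, dict):
            record.args = {
                k: "[REDACTED]" if str(k).lower() in SENSITIVE_KEYS else v
                for k, v in record.args.items()
            }  # a new dict: the caller's form is left untouched for hashing
        return True


def hash_password(password: str, salt: bytes) -> bytes:
    # Stand-in for bcrypt so the example runs without third-party packages.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


def run_signup(redact: bool) -> str:
    """Process one constructed signup request; return everything written to the log."""
    stream = io.StringIO()
    handler = logging.StreamHandler(stream)
    if redact:
        handler.addFilter(RedactSecrets())  # on the handler, so every logger feeding it is covered
    log = logging.getLogger("signup_redacted" if redact else "signup_raw")
    log.handlers = [handler]
    log.setLevel(logging.INFO)
    log.propagate = False

    form = {"user": "alice", "password": "correct horse battery"}  # constructed sample input
    log.info("signup request: %s", form)  # the bug pattern: raw form logged before hashing
    stored = hash_password(form["password"], os.urandom(16))
    log.info("stored hash for %s (%d bytes)", form["user"], len(stored))
    return stream.getvalue()


if __name__ == "__main__":
    print("without filter:\n" + run_signup(redact=False))
    print("with filter:\n" + run_signup(redact=True))
```

The filter only catches secrets passed as mapping arguments; a password already interpolated into the message string would need pattern-based scrubbing or, better, not being logged at all.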
Agrawal outlines a number of ways to increase the security of one’s account, including two-factor authentication — a mechanism that multiple tech experts told TheDCNF is superior to most others.
“We are very sorry this happened,” Agrawal concludes. “We recognize and appreciate the trust you place in us, and are committed to earning that trust every day.”
Content created by The Daily Caller News Foundation is available without charge to any eligible news publisher that can provide a large audience.