Welcome to WebmasterWorld Guest from 54.221.75.115

Forum Moderators: not2easy & rumbas

Twitter asks 330m users to change passwords due to security bug

     
9:11 pm on May 3, 2018 (gmt 0)

Senior Member from US 

WebmasterWorld Senior Member tangor is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month

joined:Nov 29, 2005
posts:8732
votes: 699


Twitter Inc. TWTR, +0.39% said late Thursday that it had located a bug that stored its more than 330 million user passwords unmasked in an internal log, but had found no evidence of breach or misuse by anyone. Twitter stock was down more than 1% after hours, and closed up a fraction to $30.67 during regular trading. In a blog post, Twitter said that it recommended its users change their passwords on the service and any others that use the same password. "Due to a bug, passwords were written to an internal log before completing the hashing process," the company's Chief Technology Officer Parag Agrawal wrote in the blog post. "We found this error ourselves, removed the passwords, and are implementing plans to prevent this bug from happening again." After logging two profitable quarters, Twitter stock has gained 27% this year as the benchmark S&P 500 index SPX, -0.23% fell 1.4%.

[marketwatch.com...]

Full report, link included for credit
12:20 am on May 4, 2018 (gmt 0)

Moderator from US 

WebmasterWorld Administrator keyplyr is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month

joined:Sept 26, 2001
posts:12913
votes: 890

12:59 am on May 4, 2018 (gmt 0)

Senior Member from US 

WebmasterWorld Senior Member tangor is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month

joined:Nov 29, 2005
posts:8732
votes: 699


What does selling user data have to do with changing passwords because T had an error in their programming?
1:06 am on May 4, 2018 (gmt 0)

Moderator from US 

WebmasterWorld Administrator keyplyr is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month

joined:Sept 26, 2001
posts:12913
votes: 890


IMO it clearly shows Twitter has no authentic concern for user privacy/safety and only presents itself as such when doing so is beneficial to its image.
1:20 am on May 4, 2018 (gmt 0)

Senior Member from US 

WebmasterWorld Senior Member tangor is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month

joined:Nov 29, 2005
posts:8732
votes: 699


Twitter Admits All Passwords Visible to Employees Due to ‘Bug’
Social media company Twitter has advised users to change their account passwords after it was discovered that a bug resulted in user passwords being stored in an insecure manner.

In a blog post titled “Keeping your account secure,” company CTO Parag Agrawal explained that the platform utilizes software that masks user passwords, preventing anyone at the company from viewing them. But due to a bug, all user passwords were stored in plaintext in an internal log. Agarwal says that they have investigated and fixed the bug and so far have found no signs of misuse or breach of user data.

[breitbart.com...]

More info ... company employees had access to T passwords, though claim no harm found.
11:31 pm on May 4, 2018 (gmt 0)

Senior Member

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month

joined:June 20, 2006
posts:2070
votes: 61


If you don't use unique passwords, this should be a reminder of the security issue you have open.
:-)
3:36 pm on May 5, 2018 (gmt 0)

Preferred Member

Top Contributors Of The Month

joined:Mar 25, 2018
posts:500
votes: 101


I still see sites, which , when you forget your password, propose to email it to you. I don't mean a temporary password, no no , they still propose to email you , your password. So it means the password is stored in plain text , or eventually, in a reversible encryption format. And they can email it to you , in plain text, with anyone being able to intercept it ...
10:04 pm on May 5, 2018 (gmt 0)

Moderator from US 

WebmasterWorld Administrator keyplyr is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month

joined:Sept 26, 2001
posts:12913
votes: 890


Twitter is now making me sign-in every time I open its page.
10:29 pm on May 5, 2018 (gmt 0)

Senior Member

WebmasterWorld Senior Member topr8 is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month

joined:Apr 19, 2002
posts:3419
votes: 56


>>Twitter is now making me sign-in every time I open its page.

ah, that's not universal, they are not doing that with me.

for reference: i only use twitter from a windows 10 computer on a fixed ip address using vivaldi/chrome browser - if this makes a difference
1:00 am on May 6, 2018 (gmt 0)

Moderator from US 

WebmasterWorld Administrator keyplyr is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month

joined:Sept 26, 2001
posts:12913
votes: 890


i only use twitter from a windows 10 computer on a fixed ip address using vivaldi/chrome browser - if this makes a difference
As am I.
4:44 pm on May 7, 2018 (gmt 0)

Senior Member from GB 

WebmasterWorld Senior Member piatkow is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month

joined:Apr 5, 2006
posts:3448
votes: 55



Twitter is now making me sign-in every time I open its page.

Me too
3:04 am on May 8, 2018 (gmt 0)

Moderator from US 

WebmasterWorld Administrator keyplyr is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month

joined:Sept 26, 2001
posts:12913
votes: 890


Twitter is only asking me to sign in every time I access their site from desktop.

Mobile does not do this, never has... and I don't use any of the Twitter apps.
4:34 pm on May 9, 2018 (gmt 0)

Senior Member from GB 

WebmasterWorld Senior Member piatkow is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month

joined:Apr 5, 2006
posts:3448
votes: 55


Had no problem on mobile and now staying logged in on desktop. However a couple of forums stopped staying logged in so I don't know if it was all down to some other update on my laptop.
 

Join The Conversation

Moderators and Top Contributors

Hot Threads This Week

Featured Threads

Free SEO Tools

Hire Expert Members