Parag Agrawal, Twitter's chief technology officer, announced on Wednesday that the company's internal team found that although passwords are usually stored encrypted, at least one log recorded them in clear text.
“We use a function called bcrypt to mask passwords through a process called hashing, which replaces the actual password with random numbers and letters stored on the Twitter system so that our system can authenticate your account credentials without revealing the password. This is an industry standard,” Agrawal said of the security features that did not work.
“Because of a bug, the password was written to the internal log before completing the hashing process.”
Twitter stressed that this issue was discovered internally by its own engineers. So far, there is no indication that anyone outside the company could view the log, let alone harvest the passwords.
Despite this, Twitter recommends that everyone who has an account change their password, and do the same on any other website where they use the same password (as a best practice, you should not reuse passwords).
“We are very sorry about this,” Agrawal told users. “We recognize and appreciate your trust in us and are committed to winning this trust every day.”
The timing of the disclosure was particularly bad for Twitter because today the Internet is observing World Password Day, which raises awareness of good password management practices and secure storage.
Of course, this is not the type of exposure that Twitter is looking for, especially as it tries to strengthen the protection of user data after the Cambridge Analytica data collection scandal.
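The failure described in Agrawal's statement above, a password reaching a log before it is hashed, shown as an added example that is not Twitter's code. The request shape, the field names and the `RedactSecrets` filter are assumptions for illustration, and standard-library PBKDF2 stands in for bcrypt.

```python
import hashlib, hmac, io, logging, os

SENSITIVE = {"password", "new_password", "passwd"}  # assumed field names
ITERATIONS = 100_000

class RedactSecrets(logging.Filter):
    """Mask sensitive keys in dict-style log arguments before handlers run."""
    def filter(self, record):
        if isinstance(record.args, dict):
            # Build a new dict so the caller's form is left untouched.
            record.args = {k: "[REDACTED]" if k.lower() in SENSITIVE else v
                           for k, v in record.args.items()}
        return True

def hash_password(password):
    # Salted PBKDF2 from the standard library, standing in for bcrypt.
    salt = os.urandom(16)
    return salt + hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)

def verify_password(password, stored):
    salt, digest = stored[:16], stored[16:]
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return hmac.compare_digest(candidate, digest)

def signup(form, log):
    # The bug class: the raw request is logged before the password is hashed.
    log.info("signup request: %s", form)
    return hash_password(form["password"])

def run(redact):
    """Process one constructed signup; return (log text, stored hash)."""
    buf = io.StringIO()
    log = logging.Logger("signup-demo", logging.INFO)  # standalone logger
    log.addHandler(logging.StreamHandler(buf))
    if redact:
        log.addFilter(RedactSecrets())
    stored = signup({"user": "alice", "password": "correct horse"}, log)
    return buf.getvalue(), stored

if __name__ == "__main__":
    for redact in (False, True):
        text, stored = run(redact)
        print("redact=%s -> %s" % (redact, text.strip()))
        print("  verifies:", verify_password("correct horse", stored))
```

The filter only sees mapping-style log arguments; a password already interpolated into the message string passes through, so the primary control remains not logging request bodies that can carry credentials.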
Microblogging site downplays epic security blunder as log file left unencrypted

Twitter is ringing in World Password Day by notifying its users, all 330 million of them, that their login credentials were left unencrypted in an internal log file and should be changed.