Tonight Twitter has released a security warning, which advised 336 million of its users to change their passwords. It turned out that because of the obvious mistakes some codes were stored unprotected in the internal magazine. However, large leaks seemed to be no. It seems to be. The company disclosed the problem in the official blog and tweets support for Twitter. CEO Jack Dorsey and the official Support Twitter account retweeted a message shortly after its release, and CTO Parag Agrawal tweeted an apology.
Full details are unknown, but Twitter says that the recently discovered bug was allowed to keep user passwords in the internal magazine without protection, or masks, bcrypt hashing process. Protocol security industrial standard replace the passphrase with random numbers and letters, but his absence leads to the fact that Twitter classifies the passwords in plaintext.
The social network is already a bug and to introduce safeguards to prevent similar incidents in the future.
We are sharing this information to help people make an informed decision about their account security. We didn’t have to, but believe it’s the right thing to do. https://t.co/yVKOqnlITA
— Parag Agrawal (@paraga) 3 may 2018.
How long the bug has remained unnoticed and how many passwords were affected, is unknown, but the company believes that confidential information has not left the internal server and not going by attackers.
As a precaution, Twitter encourages users to reset their passwords on Twitter and other services where they used the same passwords. The company also proposes to use two-factor authentication and a password Manager.
Passwords 336 million Twitter users have been compromised due to a bug
Ilya Hel