Late yesterday Twitter notified users by email and app notification that a bug was discovered in their system that made an undisclosed amount of passwords available to view in plaintext internal logs. Twitter claims that they discovered the flaw on their own and that there doesn’t seem to be a breach or misuse of the information.
Twitter goes on in the notification stating that the company “mask[s] passwords through a process called hashing using a function known as bcrypt, which replaces the actual password with a random set of numbers and letters that are stored in Twitter’s system”.
The social media giants fails to mention just how many people are affected by this bug, but they appear to be urging all of the network’s users to “consider changing” their passwords.
Due to a bug, passwords were written to an internal log before completing the hashing process. We found this error ourselves, removed the passwords, and are implementing plans to prevent this bug from happening again. We are very sorry this happened. We recognize and appreciate the trust you place in us, and are committed to earning that trust every day.
This news breaks shortly after the software development platform, GitHub, announced a similar bug in their system earlier this week.
We recently found a bug that stored passwords unmasked in an internal log. We fixed the bug and have no indication of a breach or misuse by anyone. As a precaution, consider changing your password on all services where you’ve used this password. https://t.co/RyEDvQOTaZ
— Twitter Support (@TwitterSupport) May 3, 2018
