Tweet, tweet! No, that’s not a bird you’re hearing outside your window, that’s Twitter kindly reminding you to change your password immediately. And that goes for every single user, as it was discovered just today, on World Password Day no less, that all 330 million Twitter users need to change their passwords to their accounts after a bug exposed them in plain text.
So, how did this exactly happen? According to Twitter, this vulnerability came about due to an issue within the hashing process that masks passwords. This process is supposed to mask these passwords by replacing them with a random string of characters that get stored on Twitter’s system. However, an error occurred during this process that caused these passwords to be saved in plain text to an internal log.
This news first came to light via a company blog, as Twitter confirmed that “we found this error ourselves, removed the passwords, and are implementing plans to prevent this bug from happening again.” So far, Twitter has not revealed how many users’ passwords may have been potentially compromised or how long the bug was exposing passwords before the issue was discovered – which is precisely why the company has advised every user to change their password just in case. But, beyond changing their passwords, what other security steps can Twitter users take to ensure they stay protected from this bug? Start by following these tips:
- Make your next password strong. When changing your password, make sure the next one you create is a strong password that is hard for cybercriminals to crack. Include numbers, lowercase and uppercase letters, and symbols. The more complex your password is, the more difficult it will be to crack. Finally, avoid common and easy to crack passwords like “12345” or “password.”
- Use unique passwords for every account. Was your Twitter password the same one used for other accounts? If that’s the case, you need to also change those passwords immediately. It’s a good security rule of thumb – always use different passwords for your online accounts so you avoid having all of your accounts become vulnerable if you are hacked. It might seem difficult to keep so many passwords, but it will help you keep your online accounts secure.
- Use a password manager. Take your security to another level with a password manager. A password manager can help you create strong passwords, remove the hassle of remembering numerous passwords and log you into your favorite websites automatically.
"author": "Gary Davis",
"category": "Consumer Threat Notices",
"authordetail": "Gary Davis is Chief Consumer Security Evangelist. Through a consumer lens, he partners with internal teams to drive strategic alignment of products with the needs of the security space. Gary also provides security education to businesses and consumers by distilling complex security topics into actionable advice. Follow Gary Davis on Twitter at @garyjdavis",
"pubDate": "Thur, 3 May 2018 12:35:48 +0000"