Twitter urges password change after security gaffe
Twitter has urged all its 330 million users to change their passwords after identifying a major bug that led to passwords being stored unmasked in an internal log.
The bug in the company’s hashing function, which obscures passwords stored in Twitter’s system, led to passwords being written to an internal log before the hashing process was completed, the company told users in a notification.
While there is no evidence that the log was breached or the information misused by anyone, the company is still asking users to consider changing their passwords “out of an abundance of caution”.
Twitter has also recommended turning on two-factor authentication and using a strong password that is not re-used on other services, potentially stored in a password manager so it doesn’t need to be easily remembered.
Emma Mohr-McClune, service director of global telecom consumer services, platforms and devices at data and analytics company GlobalData, said the incident reflects how urgently digital communications companies are seeking to avoid another data breach scandal following the high-profile breaches at Equifax, Uber and Facebook.
“The whole episode is symptomatic of the extreme jumpiness in the digital industry sector right now. No one can afford another data breach scandal,” she said.
“It also points to the need for social media platform leadership to think through their public communications and password change recommendation processes for all vulnerability scenarios.”
The fear is that malicious actors could use breached Twitter passwords to continue to influence the outcome of elections, such as happened in the 2016 US presidential election, Mohr-McClune said.
“It’s a digital doomsday scenario. But in this day and age, it’s one that we all — including Twitter — need to be taking seriously. As advised, users should change their passwords. But social media platforms should also be thinking about how to communicate the discovery of vulnerabilities in their security systems.”