Earlier today when I logged into my Twitter account, it suggested me to change the password. Not because passwords were stolen by a hacker but the issue is related to something else.
Twitter discovered a bug that was storing user passwords in plain text in an internal system. Now they have fixed the issue but want users change their password as a precaution. He company confirmed that there is “no indication of breach or misuse.”
Twitter has not revealed how many users were affected and for how long the big was existing passwords. The fact is that they want all users to change the password. It shows that the bug either affected all users or majority of users.
Twitter confirmed that they keep passwords in hashes to make it safe. But the bug was logging the passwords before the hashing process and hence it unmasked passwords.
I am still not convinced why there was a mechanism of writing passwords in log before encrypting it. Are they trying to defend them by calling it a bug. I am saying this because Twitter is also accessed of selling user data to firm linked to Cambridge Analytica. It may also be investigated. So, before audit firm found what they are doing, they came with acceptance in the name of bug.
If you use Twitter, do not forget to change your password and keep your account safe.
