
Twitter urges all users to change passwords immediately

Social networking site Twitter has just announced that all users will need to change their passwords immediately following the discovery of a bug.

The bug, found by the internal team, logged all users' passwords to a single file without any encryption. Although there have been no signs of a breach or misuse related to the bug, the company, including CEO Jack Dorsey, is urging everyone who uses the platform to change their passwords immediately for their safety and as a precautionary measure.

The site has rolled out a new popup that informs users of the incident and prompts them to act immediately. It also suggests ways to strengthen account security, such as turning on two-factor authentication, choosing more unique passwords, and using password managers for storage.

Twitter said that the issue had been fixed as of the time of the announcement. There are currently 336 million users on the microblogging social network service, and the company declined to comment to CNN on how many passwords were stored as a result of the bug.

Avatar for Carl Lamiel

Get in touch with Carl at @lamielcarl on Twitter or visit his website for more updates!

1 Response

  1. bern says:

    What?! Funny! Absurd in the first place. Why did you log all the passwords in a single unprotected file? Don't you have QA before you patch your production server, even if it is internal? You, Twitter, are not small time, but having this kind of bug, which shouldn't have passed your QA all along, is not making any sense. You demean your reputation and made yourself stupid, because no stupid engineer would make this without your consent, because all code must go through the engineering process before it reaches the server: first the engineer must follow the BRD, then code review, after that the QA testing. And how did this kind of stupidity (because in the first place, who made a requirement that the password should be included in the log in an unencrypted format, and what for?) pass through all your scrutiny?
