Twitter urges password change after security gaffe


By Dylan Bushell-Embling
Monday, 07 May, 2018


Twitter has urged all its 330 million users to change their passwords after identifying a major bug that led to user passwords being stored unmasked in an internal log.

The bug in the company’s hashing function for obscuring passwords stored in Twitter’s system led to the passwords being written to an internal log before the hashing process was completed, the company told users in a notification.

While there is no evidence that the log was breached or the information misused by anyone, the company is still asking users to consider changing their passwords “out of an abundance of caution”.

Twitter has also recommended turning on two-factor authentication and using a strong password that is not re-used on other services, potentially stored in a password manager so it doesn’t need to be easily remembered.

Emma Mohr-McClune, service director of global telecom consumer services, platforms and devices at data and analytics company GlobalData, said the incident reflects how urgently digital communications companies are seeking to avoid another data breach scandal following the high-profile breaches at Equifax, Uber and Facebook.

“The whole episode is symptomatic of the extreme jumpiness in the digital industry sector right now. No one can afford another data breach scandal,” she said.

“It also points to the need for social media platform leadership to think through their public communications and password change recommendation processes for all vulnerability scenarios.”

The fear is that malicious actors could use breached Twitter passwords to continue to influence the outcome of elections, as happened in the 2016 US presidential election, Mohr-McClune said.

“It’s a digital doomsday scenario. But in this day and age, it’s one that we all — including Twitter — need to be taking seriously. As advised, users should change their passwords. But social media platforms should also be thinking about how to communicate the discovery of vulnerabilities in their security systems.”


  • All content Copyright © 2024 Westwick-Farrow Pty Ltd