Twitter announced a critical security bug that has been identified in the service and is now prompting users to change their passwords. The problem lies in the way the account login passwords are stored in the internal database.
Change Your Twitter Passwords Now! The security bug is rated critical
Twitter as one of the foremost social networks is certainly one of the largest gatherings of users and their credentials. It has caused massive uproar among the security community and the general public when it announced a few hours ago that a dangerous security bug has been identified. The news broke when users attempted to login to their accounts and were presented with a message prompting them to change their passwords. The development team posted about this issue in an official post as well.
We recently found a bug that stored passwords unmasked in an internal log. We fixed the bug and have no indication of a breach or misuse by anyone. As a precaution, consider changing your password on all services where you’ve used this password. https://t.co/RyEDvQOTaZ
— Twitter Support (@TwitterSupport) May 3, 2018
It appears that a problem was found in the way the passwords are stored. The team found out that an issue with their system allowed passwords to be stored without being “masked” properly. Masking refers to the way sensitive information are stored in an internal database. The usual route is to manipulate the strings using a special “hashing” algorithm that changes them into a random mix of letters and numbers. This is used in order to protect them from the company employees themselves. During an evaluation the team discovered that this step was not being executed in the proper way. As a result many passwords were stored in an internal log file and the actual (Read more...)
*** This is a Security Bloggers Network syndicated blog from How to, Technology and PC Security Forum | SensorsTechForum.com authored by Martin Beltov. Read the original post at: https://sensorstechforum.com/change-twitter-passwords-now-security-bug-revealed/