Latest in Gear

Image credit:

Twitter warns all users to change passwords following internal bug

The company says it fixed the issue, but passwords were stored unmasked.

Sponsored Links

Photothek via Getty Images

Twitter announced today that a bug allowed users' passwords to be stored internally without being masked. When things are working correctly, Twitter stores hashed passwords, turning them into random letters and numbers so that no one at the company can see what any user's password is. But a bug caused passwords to be stored within an internal log before the hashing process was complete. Twitter says that it spotted the problem itself and fixed it. But while it claims there has been no evidence that the passwords were misused or that they left the company's systems, Twitter is recommending that everyone change their passwords just to be safe.

In a blog post about the issue, Twitter suggests its users also use a strong password that's not used on other sites, enable two-factor authentication and use a password manager to keep track of unique passwords -- typical recommendations for online security. The company said that the password problem was uncovered recently, but didn't say exactly when or how long the passwords had been exposed.

"We are very sorry this happened," Twitter said. "We recognize and appreciate the trust you place in us, and are committed to earning that trust every day."

In this article: gear, hashing, internet, password, security, twitter
All products recommended by Engadget are selected by our editorial team, independent of our parent company. Some of our stories include affiliate links. If you buy something through one of these links, we may earn an affiliate commission.
Comment
Comments
Share
Tweet
Share

Popular on Engadget

Presenting the Best of CES 2021 winners!

Presenting the Best of CES 2021 winners!

View
ICYMI: More gadget highlights from CES 2021

ICYMI: More gadget highlights from CES 2021

View
Canon made a site that lets you 'take photos' from a real satellite

Canon made a site that lets you 'take photos' from a real satellite

View
Biden elevates science advisor to cabinet role for the first time

Biden elevates science advisor to cabinet role for the first time

View
Bloomberg: 'Cyberpunk 2077' full development didn't start until 2016

Bloomberg: 'Cyberpunk 2077' full development didn't start until 2016

View

From around the web

Page 1Page 1ear iconeye iconFill 23text filevr