If you’re on Twitter, the company says you should change your password.
This comes after a revelation that passwords were being stored unencrypted internally. Although the company believes the passwords were not shared outside the organization, employees had access to user passwords, and the company says that’s reason enough for users to change them.
In blog post, Twitter explained:
When you set a password for your Twitter account, we use technology that masks it so no one at the company can see it. We recently identified a bug that stored passwords unmasked in an internal log. We have fixed the bug, and our investigation shows no indication of breach or misuse by anyone.Out of an abundance of caution, we ask that you consider changing your password on all services where you’ve used this password. You can change your Twitter password anytime by going to the password settings page.
[RELATED: Take advantage of the power of video—regardless of resources or budget]
The company shared the news via its own platform:
We recently found a bug that stored passwords unmasked in an internal log. We fixed the bug and have no indication of a breach or misuse by anyone. As a precaution, consider changing your password on all services where you’ve used this password. https://t.co/RyEDvQOTaZ
— Twitter Support (@TwitterSupport) May 3, 2018
Twitter’s CEO Jack Dorsey shared the tweet:
We recently discovered a bug where account passwords were being written to an internal log before completing a masking/hashing process. We’ve fixed, see no indication of breach or misuse, and believe it’s important for us to be open about this internal defect. https://t.co/BJezo7Gk00
— jack (@jack) May 3, 2018
Twitter has taken pains to explain the software bug, perhaps to be sensitive to how it handles user data in the wake of the Cambridge Analytica scandal . The company is trying to get out in front of this crisis and provide transparency for users by describing exactly what happened.
The bug affected a process called hashing, which Twitter uses to mask users’ passwords by cryptographically converting them to different number and letter combinations before storing them.Twitter uses the masked passwords to validate users’ account credentials.
“This is an industry standard,” [Twitter’s CTO Parag Argawal] said.
However, the bug discovered by the company caused the passwords to be stored in an internal log before they were masked.
Argawal said that Twitter has “no reason to believe password information ever left Twitter’s systems or was misused by anyone” but recommended that users take extra steps to secure their accounts, including two-factor authentication and using different passwords for separate accounts.
Argawal raised hackles when he tried to claim that Twitter was going above and beyond to be transparent about data security.
We are sharing this information to help people make an informed decision about their account security. We didn’t have to, but believe it’s the right thing to do. https://t.co/yVKOqnlITA
— Parag Agrawal (@paraga) May 3, 2018
The assertion that Twitter “didn’t have to” was met with scorn.
"We didn't have to." Such arrogance at Twitter.
— Mark Dice (@MarkDice) May 3, 2018
lol you know what else you didn't have to do? Store our passwords in plain text.
— Λce (@AceOfWallStreet) May 3, 2018
Didn’t have to share? What!?
— Ned Pyle (@NerdPyle) May 3, 2018
— ✨crop top hater✨ (@mirahwood) May 3, 2018
Aragwal later backpedaled on his statement:
I should not have said we didn’t have to share. I have felt strongly that we should. My mistake. https://t.co/Cqbs1KiUWd
— Parag Agrawal (@paraga) May 3, 2018
His apology was received positively:
Tough day. You did the right thing. Stay strong, man.
— Ravi Narasimhan (@Ravi) May 3, 2018
Twitter chief Dorsey shared his love for his colleagues and that they were willing to apologize for their missteps:
Openly admitting our mistakes quickly, learning, and moving on. I love my teammates. https://t.co/pn9sgUf1Op
— jack (@jack) May 3, 2018
The crisis comes as Twitter continues to tinker with its platform and products hoping to entice more users and bolster earnings. :Last year the company posted its first-ever profitable quarter but has struggled to find real user growth. What do you think of Twitter’s crisis response efforts, PR Daily readers?
(Image via)
from PR Daily News Feed https://ift.tt/2KC019O
No comments:
Post a Comment