This morning, Twitter suddenly appealed all its users amounted to 330 million, to change the password . Therefore, the password storage system on Twitter was not working properly, because of a bug . “When you set a password for a Twitter account, we use technology to disguise it, so it can not be seen by anyone within the company’s internal scope,” said CTO Twitter, Parag Agrawal in an official Twitter blog post.
“We later found out that there are bugs (security holes) that cause passwords to be stored without disguise,” continued Agrawal. According to him, Twitter uses the industry-standard bcryp hashing to disguise passwords , where password characters are replaced with random numbers and letters on the Twitter system.
Well, because there is a bug, the password is actually written in the internal log in the form of text what it is ( plain text ), which is easy to read before the hashing process is complete. Agrawal said the bug was found by the Twitter side and has been fixed.
Anticipatory measures are implemented to prevent similar problems from reappearing. Twitter said there was no indication that plain text users’ passwords were ever misused by anyone, or taken out of the Twitter system.
Even so, as summarized infocommworld from The Verge, Friday (4/5/2018), users are still asked just in case. “We ask that you consider changing the password in all services where you use keywords (same as password for this Twitter account),” Agrawal said. The Twitter Password can be changed on the Settings page, or please click on the following link.