Jump to content
Guest_Jim_*

Twitter Passwords Potentially Compromised

Recommended Posts

While this is certainly not the kind of news any company wants to give, it also appears to not be as bad as it could be. Twitter recently discovered a bug in its system for storing passwords that produced an internal log of all passwords, unmasked. While there is no evidence the passwords left Twitter's systems or were misused, the company still recommends people change their passwords.

Normally when storing passwords, companies like Twitter run them through a hashing function, in this case bcrypt, which will replace the password with seemingly random numbers and letters. This hashed version can then be used to validate account credentials without actually revealing the password. The issue Twitter discovered was that an internal log was being written with passwords prior to this hashing process. The passwords have been removed from the log and solutions to this bug are being implemented.

Source: Twitter



Back to original news post

Share this post


Link to post
Share on other sites

Two kinds of websites those that know they been hacked and those that just dont know it yet

Yes, but to be fair this was not the result of Twitter being hacked, but by a failure of proper security checks when designing or implementing their systems. Of course if the systems the log files were on were hacked, then all of the passwords are compromised.

Share this post


Link to post
Share on other sites

I want to say yes. Someone logged into my account last month. Not sure for what purpose. Deleted the Twitter account since I never use it.

Share this post


Link to post
Share on other sites

I want to say yes. Someone logged into my account last month. Not sure for what purpose. Deleted the Twitter account since I never use it.

i never use it either, don't even remember if I actually signed up for twitter... I seem to remember I tried it way back when it was new, but dropped it quickly... If russia or north korea wanted a secret base of operations to work from through a vpn then why not through getting old unused accounts passwords ?... hmm

 

"Dance like Russia isn't watching you !"

Share this post


Link to post
Share on other sites

×