Menu
Twitter tells users to change passwords

Twitter tells users to change passwords

Twitter has urged its more than 330 million users to change their passwords after they were stored in an internal log in plain text.

Twitter has urged its more than 330 million users to change their passwords after they were stored in an internal log in plain text.

The social network disclosed the issue in a blog post and series of Tweets , saying it had resolved the problem and an internal investigation had found no indication passwords were stolen or misused by insiders. Still, it urged all users to consider changing their passwords.

"We fixed the bug and have no indication of a breach or misuse by anyone," Twitter CEO Jack Dorsey said in a Tweet. "As a precaution, consider changing your password on all services where you’ve used this password."

The blog did not say how many passwords were affected. A person familiar with the company's response said the number was "substantial" and that they were exposed for "several months."

The disclosure comes as lawmakers and regulators around the world scrutinize the way that companies store and secure consumer data, after a string of security incidents at Equifax, Facebook and Uber .

The European Union is due later this month to start enforcing a strict new privacy law, the General Data Protection Regulation, that includes steep fees for violators.

Twitter discovered the bug a few weeks ago and has reported it to some regulators, said the person, who was not authorized to discuss the matter publicly.

The U.S. Federal Trade Commission, which investigates companies accused of deceptive practices related to data security, declined comment on the password glitch.

The agency settled with Twitter in 2010 over accusations the site had “serious lapses” in data security that let hackers access private user data on two occasions. The settlement called for audits of Twitter's data security programme every other year for 10 years.

The glitch was related to Twitter's use of "hashing" and caused passwords to be written on an internal computer log before the scrambling process was completed, the blog said.  

"We are very sorry this happened," the Twitter blog said.

Twitter's share price was down 1 percent in extended trade at US$30.35, after gaining 0.4 percent during the session.

The company advised users to take precautions to ensure that their accounts are safe, including changing passwords and enabling Twitter's two-factor authentication service to help prevent accounts from being hijacked.

(Reporting by Jim Finkle in Toronto; Additional reporting by Diane Bartz in Washington; editing by Susan Thomas and Bill Rigby)


Follow Us

Join the newsletter!

Or

Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.

Tags cyber security

Featured

Slideshows

EDGE 2018: Kiwis kick back with Super Rugby before NZ session

EDGE 2018: Kiwis kick back with Super Rugby before NZ session

New Zealanders kick-started EDGE 2018 with a bout of Super Rugby before a dedicated New Zealand session, in front of more than 50 partners, vendors and distributors on Hamilton Island.​

EDGE 2018: Kiwis kick back with Super Rugby before NZ session
EDGE 2018: Kiwis assess key customer priorities through NZ research

EDGE 2018: Kiwis assess key customer priorities through NZ research

EDGE 2018 kicked off with a dedicated New Zealand track, highlighting the key customer priorities across the local market, in association with Dell EMC. Delivered through EDGE Research - leveraging Kiwi data through Tech Research Asia - more than 50 partners, vendors and distributors combined during an interactive session to assess the changing spending patterns of the end-user and the subsequent impact to the channel.

EDGE 2018: Kiwis assess key customer priorities through NZ research
Show Comments