
Vulnerability: Twitter passwords stored in plain text

Twitter recently announced that the passwords of all 300+ million users were exposed by being stored in plain text, with no encryption protecting the data.

Twitter protects passwords with a hashing function known as “bcrypt”. Bcrypt hashes each password so that the system can validate account authentication without revealing the password. The culprit of the exposure was an internal bug in the bcrypt system: passwords were written to a log before the hashing process completed, and so were stored in plain text.
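The failure mode described above, as an added example that is not Twitter's or Proficio's code: a login handler logs the request before hashing, and a logging filter masks password fields before the line is written. The field names, logger names and sample request are assumptions, and PBKDF2 from the standard library stands in for bcrypt.

```python
import hashlib
import io
import logging
import os

SENSITIVE_KEYS = {"password", "new_password"}  # assumed field names


class RedactSecrets(logging.Filter):
    """Mask sensitive values in dict log arguments before they are written."""
    def filter(self, record):
        if isinstance(record.args, dict):
            record.args = {k: "[REDACTED]" if str(k).lower() in SENSITIVE_KEYS else v
                           for k, v in record.args.items()}
        return True


def make_logger(stream, redact):
    logger = logging.getLogger("auth.redacted" if redact else "auth.raw")
    logger.handlers.clear()
    logger.propagate = False
    logger.setLevel(logging.INFO)
    handler = logging.StreamHandler(stream)
    if redact:
        handler.addFilter(RedactSecrets())
    logger.addHandler(handler)
    return logger


def handle_login(request, logger):
    # The flaw described above: the request is logged before hashing,
    # so the log line carries the plaintext password.
    logger.info("login request: %s", request)
    salt = os.urandom(16)
    # PBKDF2 from the standard library stands in for bcrypt here.
    digest = hashlib.pbkdf2_hmac("sha256", request["password"].encode(), salt, 100_000)
    return salt, digest


def demo(redact):
    stream = io.StringIO()
    request = {"username": "alice", "password": "CONSTRUCTED-pw-123"}  # constructed input
    handle_login(request, make_logger(stream, redact))
    return stream.getvalue()


if __name__ == "__main__":
    print("raw:     ", demo(False), end="")
    print("filtered:", demo(True), end="")
```

The filter only covers dict arguments with known key names, so it is a backstop; the primary fix is to keep credential-bearing objects out of log calls entirely.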

Twitter CTO Parag Agrawal reported that an internal investigation has already identified and fixed the error. Agrawal explained that no evidence of the passwords being misused or leaving the system had been observed.

Proficio Threat Intelligence Recommendations:

  • Change your Twitter password immediately, and change it on any other site where you may have used the same password
  • Do not reuse the same password across individual accounts
  • Enable two-factor authentication

 
