Posted on 05/03/2018 5:32:13 PM PDT by BenLurkin
Twitter is urging its users to change their passwords following a bug that was identified on the social media platform. While the bug has since been fixed, the company assures users there were no signs of breach or misuse of the passwords by anyone.
In an effort to establish complete transparency, Twitter Chief Technical Officer Parag Agrawal took to Twitter’s blog to explain exactly what happened. When setting a password on your Twitter account, the platform uses technology that masks it so that no one else at the company can see it.
Twitter’s passwords are masked through a process called hashtag that uses a function known as bcrypt. This means that the passwords are replaced with a random set of numbers and letters stored within Twitter’s system. That way, the company can validate your account without giving away your password.
But due to the bug, passwords were written to an internal log before the hashtag process was completed — leaving them exposed. Twitter found the bug, removed the passwords from the log, and are planning ways to prevent this from occurring in the future.
While the company hasn’t found evidence the password information left Twitter’s systems, or was taken by anyone, it still recommends users to take the necessary precautions. Knowing its system can be accessed by its employees, it’s definitely best to change your password just in case.
(Excerpt) Read more at digitaltrends.com ...
>>That way, the company can validate your account without giving away your password.
Except they did give away your password
Changed to a different schema.
I read some, rarely post. Why anyone follows me at all is a mystery.
Sounds like a feature to me.
I don’t trust Twitter about anything.
I suspect their motives on this one too.
I’ve got 7900 followers on mine.
I don’t trust Twitter at all.
Wayne Rogers followed me for a few days then died of old age.
I was flattered that he thought enough of me to do that.
And none of my followers are fake or bought.
I check each one and follow most of mine.
I’ve easily blocked 2 times my followers.
Then I learned a trick, by blocking and then unblocking, it will remove the unwanted followers.
Clearly 3/4 of users on Twitter are fake or troll of some kind.
I’ve used it since 2009, only have one account and don’t plan to add another. I do have a mirror GAB account. Seldom ever use it now.
Who is Wayne Rogers?
Trapper John from MASH and later some kind of money/finance guy.
I rarely tweet also. So if someone steals my account no big deal. I’ll just create another.
OK a celeb?
I have some interesting followers. But the most interesting ones I probably should not recognize. smile.
A highly successful and cogent “money guy” that was on major financial shows back when people watched them. Surprisingly different than the character he played on MASH, but probably a tech lib.
That’s not a bug, that’s a feature.
Be prepared, we might get some extra wild tweets from President Trump's account now. No telling who got his password (Russia!).
What a journalistic tech-writing train wreck. This was written by some journo who has a half-baked understanding and she manages to mangle the explanation. The writer thinks password encryption involves "hashtag" when she means "hashing".
Probably their older encryption kept them from selling the current password database, so requiring everyone changing it to store in the new database will make it easier to sell the access. /S
Unless I miss-read the statement, it was only an internal file that was in the open. I suspect from the web it was not available.
The new file probably is internally encrypted too now.
So they say.
You know the Feds have the key to it all. They have same thing with Microsoft too.
Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.