It seems that social media platforms are having a tough time fending off attacks on their services and devices. From social media giant Facebook to search engine giant Google, everyone has been a victim of one kind of security flaw or another. We all remember the Meltdown and Spectre security flaws, which affected almost every device available in the world. Apart from these security flaws, the major concern is the bugs that affect the services. In one of the most recent security incidents, Twitter is affected by a bug which is a threat to users' passwords.
Twitter is cautioning its users to change their passwords. The company has recently revealed that its service was affected by a bug in its system. The bug caused the passwords of all users across the world to be stored in an unmasked form. This means that the passwords remained unprotected in its log until the bug was identified. This is a major security concern which the company needs to resolve immediately.
Commenting on the situation, Twitter said:
We recently identified a bug that stored passwords unmasked in an internal log. We have fixed the bug, and our investigation shows no indication of breach or misuse by anyone. Out of an abundance of caution, we ask that you consider changing your password on all services where you've used this password.
Twitter uses a tool called "bcrypt" to mask passwords. This process, known as "hashing", replaces the original password with a random set of numbers and letters, so that all passwords are stored in a non-decipherable form in Twitter's database. This allows the real password to stay hidden on the platform.
Hashing is said to be a standard process across the industry. The bug identified by Twitter is said to have stored a user's password in its original form in an internal log before the hashing process could start. This left the login credentials of all users vulnerable to attacks.
However, Twitter also says that no security breach or exploitation of the bug has been discovered yet. Moreover, Twitter's security team has removed all the passwords that were stored in the internal log. The company is now working to make sure that the bug does not pose any kind of security threat to the platform in the future.
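The failure mode described above, as an added example that is not Twitter's code: a login handler that logs the request before hashing writes the plaintext password to the log, and a redacting log filter stops it. The field names, the sample form and the use of PBKDF2 as a standard-library stand-in for bcrypt are assumptions.

```python
import hashlib
import io
import logging
import os

SENSITIVE_KEYS = {"password", "new_password", "token"}  # assumed field names

class RedactingFilter(logging.Filter):
    """Mask sensitive values in dict log arguments before they are written."""
    def filter(self, record):
        if isinstance(record.args, dict):
            # Build a new dict so the caller's form data is left untouched.
            record.args = {
                k: "[REDACTED]" if str(k).lower() in SENSITIVE_KEYS else v
                for k, v in record.args.items()
            }
        return True

def handle_login(form, logger):
    """Logs the request, then hashes the password (the order that leaks)."""
    logger.info("login request: %s", form)
    salt = os.urandom(16)
    # PBKDF2 stands in for bcrypt here to stay within the standard library.
    digest = hashlib.pbkdf2_hmac("sha256", form["password"].encode(), salt, 100_000)
    return salt, digest

def run_demo(redact):
    """Returns the log text produced by one login, with or without the filter."""
    stream = io.StringIO()
    handler = logging.StreamHandler(stream)
    if redact:
        handler.addFilter(RedactingFilter())
    logger = logging.getLogger("demo.safe" if redact else "demo.leaky")
    logger.setLevel(logging.INFO)
    logger.propagate = False
    logger.handlers = [handler]
    form = {"username": "alice", "password": "correct horse battery"}  # constructed sample
    handle_login(form, logger)
    return stream.getvalue()

if __name__ == "__main__":
    print("without filter:", run_demo(False).strip())
    print("with filter:   ", run_demo(True).strip())
```

Attaching the filter to the handler rather than to one logger means every record written to that log destination passes through it.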
Following the discovery of the bug, Twitter is now sending a security message to all users requesting that they change their login credentials. The company has also advised its users to use a strong password and to activate two-factor authentication as an additional security measure.