Twitter asks its users to change the password for a failure
Twitter on Thursday asked all users to change their password as a precautionary measure after there was an "error" by the company. The social network explained in a statement that it detected a momentary failure in one of its internal password encryption processes. "We mask passwords through a process called hashing using a function known as bcrypt, which replaces the real password with a random set of numbers and letters that are stored in the Twitter system," the company said.
The recommendation is contained in an annotation on the company's blog, signed by Twitter's technical manager, Parag Agrawal, in which he describes how that error occurred and the measures it recommends to guarantee confidentiality. According to the notice, Twitter stores the encrypted passwords, replaced the text written by the user with a series of numbers and letters, and stores the data in their own systems, a "hashing" process that qualifies as "standard".
But "due to an error, passwords were written to an internal registry without completing the hashing process," the company adds, although it does not clarify how many users affected the error. "We found the error ourselves, we eliminated the passwords and are executing plans to prevent this error from happening again," adds Twitter, a service used by more than 300 million users.
The firm insists that there are no reasons to indicate that "the information of the passwords has left the Twitter systems or has been misused by anyone". Even so, and "as an excess of caution," he recommends changing the passwords of access to Twitter and those of other services that use the same key, and replace it with new ones with greater security and that is not being used in other accesses. It also recommends a double verification factor or any computer tool that manages passwords. "We are very sorry that this happened," adds Agrawal.
Through a note, Twitter provided some steps for its users to maintain the security of their accounts:
-Change your password on Twitter and any other service where you have used the same password.
-Use a secure password that you do not use on other websites.
- Enable verification of login. This is the best action you can do to increase the security of your account.
-Use a password manager to make sure you are using strong and unique passwords everywhere.
"We are very sorry that this happened, we recognize and appreciate the trust they have placed in us, and we are committed to earning that trust every day," Twitter apologized.