Twitter paswoorden 'gelekt'

Ander nieuws dat te maken heeft met topics die op userbase kunnen besproken worden
Plaats reactie
Gebruikersavatar
devilkin
Administrator
Administrator
Berichten: 5998
Lid geworden op: 17 mei 2006, 20:10
Uitgedeelde bedankjes: 826 keer
Bedankt: 506 keer
Recent bedankt: 2 keer

Twitter is urging all of its 330 million users to change their passwords after a software glitch unintentionally exposed its users' passwords by storing them in readable text on its internal computer system.

The social media network disclosed the issue in an official blog post and a series of tweets from Twitter Support.
According to Twitter CTO Parag Agrawal, Twitter hashes passwords using a popular function known as bcrypt, which replaces an actual password with a random set of numbers and letters and then stored it in its systems.

This allows the company to validate users' credentials without revealing their actual passwords, while also masking them in a way that not even Twitter employees can see them.

However, a software bug resulted in passwords being written to an internal log before completing the hashing process—meaning that the passwords were left exposed on the company's internal system.
Parag said Twitter had found and resolved the problem itself, and an internal investigation had found no indication of breach or passwords being stolen or misused by insiders.
"We found this error ourselves, removed the passwords, and are implementing plans to prevent this bug from happening again," Parag said.
"We are very sorry this happened. We recognize and appreciate the trust you place in us, and are committed to earning that trust every day."
Still, the company urged all of its 363 Million users to consider changing their passwords to be on a safer side.

https://thehackernews.com/2018/05/twitt ... sword.html
Telenet All-Internet -- using CV8560E & OPNsense on PCEngines APU2E4
Proximus & Mobile Vikings -- Using OnePlus 8 Pro (ROM: Stock)
Tomby
Elite Poster
Elite Poster
Berichten: 6348
Lid geworden op: 01 feb 2006, 12:36
Uitgedeelde bedankjes: 1285 keer
Bedankt: 485 keer
Recent bedankt: 2 keer

Is nu al het tweede dergelijk lek op korte tijd. Ook bij Github was er een issue dat paswoord in the clear in log files terecht kwamen : https://tweakers.net/nieuws/138225/twit ... ld-op.html
Plaats reactie

Terug naar “Ander nieuws”