Users are advised to change their passwords on Twitter and anywhere else they use their Twitter passwords, including third-party apps like TweetDeck or Twitterrific. Unfortunately, the company has just found a bug whereby unmasked passwords were stored in an internal plain-text log before the hashing process was completed. An internal investigation "shows no indication of breach or misuse by anyone" and there's "no reason to believe password information ever left Twitter's systems or was misused by anyone", the social-media firm said. The company has now asked all of its users to change their passwords immediately. "We recognize and appreciate the trust you place in us, and are committed to earning that trust every day", Agrawal went on to say.
To avoid such mistakes in the future, the company says it is now implementing plans to secure users' information, including their passwords. Though the company stated that there is no evidence passwords have been leaked or misused, it is urging its users to change their passwords. The company assures users that there was no breach of security, that the data was deleted, and that it has already started to take appropriate measures to prevent any such bug from occurring again. That wouldn't have made a difference in the Twitter case, but not all online services make use of hashing, and some that do still depend on older, easier-to-decode versions.
Shapshak advises that users should opt for a secure password manager to keep log-in details safe.
Shortly afterwards, as negative comments toward Twitter and Agrawal continued, Kaminsky tweeted: "It's genuinely exhausting seeing Twitter get raged against for making a very, very hard call, correctly". Dan Kaminsky, a well-known security expert who is chief scientist at White Ops, tweeted to Agrawal: "You did the courageous thing". The company also assures us of the safety of our personal information.