Fail Of The Week – Twitter

Written by:
Damian Jennings
Date Posted:
4 May 2018

Due to a cock-up in the hashing process that is supposed to hide users’ passwords and replace them with a scrambled string of characters, Twitter shared all the passwords it has in plain text. Yes, plain text.

It is urging its users to immediately change their passwords. Their CTO bleated:

“We are sharing this information to help people make an informed decision about their account security. We didn’t have to, but believe it’s the right thing to do.” Parag Agrawal

“Didn’t have to”? What the actual? No Parag, you didn’t legally have to, but in this day and age when you make a cock-up as big as this, ‘fess up to it, man!

Now, not surprisingly, Twitter has said there’s no evidence of any Naughty People getting hold of the unhashed passwords, but they would say that, wouldn’t they?

They are telling everyone to change their passwords, but remember that if you use a third-party tool like 1Password or LastPass, you’ll have to update the stored password there too. You’re not protected otherwise.

Twitter reckons it found the bug responsible for writing the passwords to a plaintext log all on its own, and says it is working to make sure the same snafu doesn’t happen again. Well, that’s nice, isn’t it?
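To make that bug concrete, here is an added example (not Twitter’s code; the request shape and field names are assumed) of the pattern described above: a password-change handler that logs the whole request for debugging before hashing, beside a hardened version that redacts secret fields first, plus a check a defender can run over the resulting log lines.

```python
import hashlib
import hmac
import json
import os
from typing import List, Optional

# Hypothetical field names treated as secrets; adjust for a real request schema.
SECRET_FIELDS = {"password", "new_password", "old_password", "token"}


def hash_password(password: str, salt: Optional[bytes] = None) -> str:
    """Salted PBKDF2-SHA256 hash stored as 'salthex$digesthex'. Only the hash is kept."""
    salt = salt or os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)
    return f"{salt.hex()}${digest.hex()}"


def verify_password(password: str, stored: str) -> bool:
    """Recompute the hash with the stored salt and compare in constant time."""
    salt_hex, digest_hex = stored.split("$", 1)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), bytes.fromhex(salt_hex), 200_000)
    return hmac.compare_digest(digest.hex(), digest_hex)


def change_password_buggy(request: dict, log: List[str]) -> str:
    """The defect: the raw request is logged *before* hashing, so the plaintext
    password ends up in the log file even though the database only sees a hash."""
    log.append("change_password request=" + json.dumps(request))
    return hash_password(request["password"])


def redact(request: dict) -> dict:
    """Replace secret fields with a marker so the log stays useful but safe."""
    return {k: ("[REDACTED]" if k in SECRET_FIELDS else v) for k, v in request.items()}


def change_password_fixed(request: dict, log: List[str]) -> str:
    """Hardened version: redact first, then log, then hash."""
    log.append("change_password request=" + json.dumps(redact(request)))
    return hash_password(request["password"])


def log_leaks_secret(log: List[str], secret: str) -> bool:
    """Defender's check: does any log line contain the plaintext secret?"""
    return any(secret in line for line in log)
```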

On Thursday this week it was change-your-password day, and this mess is just another stark reminder not to use the same password for everything, to use strong passwords, and, best of all, to use a password manager like LastPass or 1Password. I know I sound like a broken record, but this stuff is really important.

My brother (a Comp Sci PhD) went on and on about getting me to switch to 1Password for years. I went “yeah, yeah” a lot. Then my Gmail got hacked. And because I stupidly used the same password on a lot of services, I had a panic-filled half day going through everything to make sure I was safe. If I had been using 1Password since he told me to, I wouldn’t have had the issue in the first place. I was lucky; no real harm came to me aside from a spammer getting my address book, but it could have been a lot, lot worse. So, learn from my mistake and start using a password manager. Now.

