Twitter apologizes for mishandling password data


If you’re on Twitter, the company says you should change your password.

This comes after a revelation that passwords were being stored unencrypted
internally. Although the company believes the passwords were not shared
outside the organization, employees had access to user passwords, and the
company says that’s reason enough for users to change them.

In a blog post, Twitter explained:

When you set a password for your Twitter account, we use technology that
masks it so no one at the company can see it. We recently identified a bug
that stored passwords unmasked in an internal log. We have fixed the bug,
and our investigation shows no indication of breach or misuse by anyone.

Out of an abundance of caution, we ask that you consider changing your
password on all services where you’ve used this password. You can change
your Twitter password anytime by going to the password settings page.


The company shared the news via its own platform:

Twitter’s CEO Jack Dorsey shared the tweet:

Twitter has taken pains to explain the software bug, perhaps to be
sensitive to how it handles user data in the wake of the Cambridge
Analytica scandal. The company is trying to get out in front of this
crisis and provide transparency for users by describing exactly what
happened.


The HuffPost wrote:

The bug affected a process called hashing, which Twitter uses to mask
users’ passwords by cryptographically converting them to different number
and letter combinations before storing them.

Twitter uses the masked passwords to validate users’ account credentials.

“This is an industry standard,” [Twitter’s CTO Parag Agrawal] said.

However, the bug discovered by the company caused the passwords to be
stored in an internal log before they were masked.

Agrawal said that Twitter has “no reason to believe password information
ever left Twitter’s systems or was misused by anyone” but recommended that
users take extra steps to secure their accounts, including two-factor
authentication and using different passwords for separate accounts.

Agrawal raised hackles when he tried to claim that Twitter was going above
and beyond to be transparent about data security.

The assertion that Twitter “didn’t have to” was met with scorn.

Agrawal later backpedaled on his statement:

His apology was received positively:

Twitter chief Dorsey shared his love for his colleagues and for their willingness to apologize for their missteps:

The crisis comes as Twitter continues to tinker with its platform and products, hoping to entice more users and bolster earnings. Last year the company posted its first-ever profitable quarter but has struggled to find real user growth.

What do you think of Twitter’s crisis response efforts, PR Daily readers?
