In a recent tweet sent out by Jack Dorsey, the Twitter CEO urged all their users to change their passwords.
Dorsey explained in his tweet that they had discovered a bug that stored all passwords in an internal log before the masking/hashing process was complete. Users of the social media platform were sent an alert that explained the situation. It also included a link to their account settings page for changing their passwords.
After the announcement of this bug, Parag Agrawal, CTO of Twitter, made a tweet where he said, “The Company didn’t have to inform users of this minuscule incident, but it did because it’s the right thing to do.”
While this was a smart crisis communications move, he drew a lot of criticism from other users for this tweet, so he later posted another tweet apologizing for it. Dorsey applauded Agrawal for this tweet, saying he loves his teammates as they openly admit their mistakes and move on.
Agrawal wrote an entire post on the Company’s blog providing greater insight into the bug.
He began by saying, “The Twitter’s technology masks a user password so that no one even in this Company can see it. Also called as hashing, this process turns a password into a random alphanumeric digit and stores it in the system.” It is an industry standard, Agrawal added.
Thus, upon logging in, the system can confirm a user without disclosing the password.
The bug that this social media giant discovered was storing all passwords in an internal log before they could be masked or hashed.
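The ordering problem described above (a password reaching a log before it is hashed) and one guard against it, as an added example that is not Twitter's code: a logging filter masks sensitive fields before the record is written, and only a salted hash is stored. The field names, logger names and sample form are assumptions made up for the illustration.

```python
import hashlib, hmac, io, logging, os

SENSITIVE_KEYS = {"password", "new_password"}  # assumed form field names

class RedactSecrets(logging.Filter):
    """Mask sensitive values in a dict log argument before it is formatted."""
    def filter(self, record):
        if isinstance(record.args, dict):
            record.args = {k: "[REDACTED]" if k in SENSITIVE_KEYS else v
                           for k, v in record.args.items()}
        return True

def hash_password(password, salt=None):
    # Salted, slow hash; only (salt, digest) is ever stored.
    salt = salt or os.urandom(16)
    return salt, hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)

def verify_password(password, salt, expected):
    # Re-derive and compare in constant time; the plaintext is never kept.
    return hmac.compare_digest(hash_password(password, salt)[1], expected)

def make_logger(name, redact):
    # In-memory stream stands in for the internal log file.
    buf = io.StringIO()
    log = logging.getLogger(name)
    log.handlers.clear(); log.filters.clear()
    log.setLevel(logging.INFO)
    log.propagate = False
    log.addHandler(logging.StreamHandler(buf))
    if redact:
        log.addFilter(RedactSecrets())
    return log, buf

def register(log, form):
    # Request is logged BEFORE hashing: the ordering described in the article.
    log.info("signup request: %s", form)
    return hash_password(form["password"])

def demo():
    form = {"username": "alice", "password": "correct horse battery"}  # constructed sample
    logs = {}
    for name, redact in (("leaky", False), ("hardened", True)):
        log, buf = make_logger(name, redact)
        salt, digest = register(log, form)
        logs[name] = buf.getvalue()
    return logs, verify_password(form["password"], salt, digest)

if __name__ == "__main__":
    print(demo())
```

The filter only covers dictionaries passed as log arguments; a password interpolated into the message string before the logging call would still be written, so the redaction has to be paired with review of what request data is logged at all.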
Agrawal said that the Company found the bug itself and has, therefore, deleted all the passwords stored in the log. Twitter also launched an investigation which found that no data were compromised or misused.
Additionally, they have taken specific measures to prevent these types of bugs. Although he is sure that the passwords never left Twitter’s system, he still urged users to change them as an added precaution. Agrawal further requested users to activate two-factor authentication and to use different passwords if they have multiple accounts.
The CTO also apologized to the Company’s 336 million users as part of their crisis communications strategy. “We appreciate and recognize the trust people have in Twitter and are committed to earning it every day,” said Agrawal.
Ironically, the announcement of this password bug by the social media giant came on World Password Day, a corporate holiday. This day was created by Intel to encourage sturdy passwords as well as online security, and is celebrated on the first Thursday in May.