Saturday, July 20, 2024
EHA

330 Million Twitter Users are Urged to Change Passwords after the Twitter Bug Exposed Them in Plain Text

Twitter urges all of it’s 330 Million users to change the password immediately after a Twitter bug identified in their internal system that exposed the passwords in plain text.

To mask the password twitter uses the hashing function “bcrypt” that replaces the actual password to a random number and stored in the Twitter system. Due to this the Twitter bug that password are were added to their system before hashing process completed.

Now the company said they have resolved the issue removed the passwords, and are implementing plans to prevent this bug from happening again.

Also, the company confirms according to their investigation there is no indication of breach or misuse by anyone. The Twitter blog post doesn’t say how many users affected, according to Reuters “a person familiar with the company’s response said the number was “substantial” and that they were exposed for “several months.”

After the incident disclosure twitter’s share price dropped by 1 percent, the disclosure comes at the lawmakers urges companies on how the credentials are stored.

The General Data Protection Regulation (GDPR) is to be applied from 25 May 2018 and it applies to all companies that collect and process data belonging to European Union (EU) citizens.

GDPR introduces a requirement for all organizations to report certain types of data breaches to the relevant governing body and your customers. You must notify the relevant stakeholders if your data breach will result in discrimination, damage to reputation, financial loss or loss of confidentiality of individuals.

“We are very sorry this happened. We recognize and appreciate the trust you place in us, and are committed to earning that trust every day.” reads the company statement.

The company advised user’s Use a strong password and also two enable two-factor authentication.

Website

Latest articles

Hackers Claiming Dettol Data Breach: 453,646 users Impacted

A significant data breach has been reported by a threat actor known as 'Hana,'...

CrowdStrike Update Triggers Widespread Windows BSOD Crashes

A recent update from cybersecurity firm CrowdStrike has caused significant disruptions for Windows users,...

Operation Spincaster Disrupts Approval Phishing Technique that Drains Victim’s Wallets

Chainalysis has launched Operation Spincaster, an initiative to disrupt approval phishing scams that have...

Octo Tempest Know for Attacking VMWare ESXi Servers Added RansomHub & Qilin to Its Arsenal

Threat actors often attack VMware ESXi servers since they accommodate many virtual machines, which...

TAG-100 Actors Using Open-Source Tools To Attack Gov & Private Orgs

Hackers exploit open-source tools to execute attacks because they are readily available, well-documented, and...

macOS Users Beware Of Weaponized Meeting App From North Korean Hackers

Meeting apps are often targeted and turned into weapons by hackers as they are...

Hackers Exploiting Legitimate RMM Tools With BugSleep Malware

Since October 2023, MuddyWater, which is an Iranian threat group linked to MOIS, has...
Balaji
Balaji
BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.

Free Webinar

Low Rate DDoS Attack

9 of 10 sites on the AppTrana network have faced a DDoS attack in the last 30 days.
Some DDoS attacks could readily be blocked by rate-limiting, IP reputation checks and other basic mitigation methods.
More than 50% of the DDoS attacks are employing botnets to send slow DDoS attacks where millions of IPs are being employed to send one or two requests per minute..
Key takeaways include:

  • The mechanics of a low-DDoS attack
  • Fundamentals of behavioural AI and rate-limiting
  • Surgical mitigation actions to minimize false positives
  • Role of managed services in DDoS monitoring

Related Articles