Twitter advises 330 Million users to change passwords after bug detected



CatullusV

Well-known member
Joined
Jan 9, 2018
Messages
5,287

jmcc

Well-known member
Joined
Jun 12, 2004
Messages
42,610
There's no reason at all to store passwords on a platform.
The passwords were being hashed with Bcrypt but the plaintext passwords were being logged. It is not the first time that plaintext passwords were available on a platform and it won't be the last. The statement from Twitter does not give any details about the time that the bug was in operation.
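Added example, not part of the thread and not Twitter's code: the failure described above is a secret reaching a log before (or regardless of) hashing, and one common mitigation is a scrubbing filter on every log handler. The field names in `SENSITIVE_KEYS`, the logger name and the sample log calls are assumptions constructed for this illustration.

```python
import io
import logging
import re

# Assumed list of secret-bearing field names; extend for your own request schema.
SENSITIVE_KEYS = {"password", "passwd", "new_password", "secret", "token"}
MASK = "[REDACTED]"
_KEYS = "|".join(sorted(SENSITIVE_KEYS, key=len, reverse=True))
# key=value / key: value pairs, quoted or bare, as found in query strings and reprs.
_PAIR_RE = re.compile(
    r"""(["']?\b(?:%s)\b["']?\s*[=:]\s*)("[^"]*"|'[^']*'|[^\s,&;}]+)""" % _KEYS,
    re.IGNORECASE,
)

def scrub_text(text):
    """Mask the value of every sensitive key=value pair in a string."""
    return _PAIR_RE.sub(lambda m: m.group(1) + MASK, text)

def scrub_value(value):
    """Recursively mask secrets in dicts, lists, tuples and strings."""
    if isinstance(value, dict):
        return {k: MASK if str(k).lower() in SENSITIVE_KEYS else scrub_value(v)
                for k, v in value.items()}
    if isinstance(value, (list, tuple)):
        return type(value)(scrub_value(v) for v in value)
    return scrub_text(value) if isinstance(value, str) else value

class RedactSecrets(logging.Filter):
    """Handler filter: scrub arguments, format, scrub the final text, then freeze it."""
    def filter(self, record):
        record.args = scrub_value(record.args)
        record.msg = scrub_text(record.getMessage())
        record.args = None  # message is already formatted
        return True

def demo():
    """Send constructed log calls through the filter; return the emitted lines."""
    stream = io.StringIO()
    handler = logging.StreamHandler(stream)
    handler.addFilter(RedactSecrets())
    log = logging.getLogger("signup-demo")
    log.setLevel(logging.INFO)
    log.propagate = False
    log.handlers = [handler]
    log.info("signup request: %s", {"user": "alice", "password": "hunter2"})
    log.info("POST /login user=alice&password=hunter2&remember=1")
    log.info("reset for %s password=%s", "alice", "hunter2")
    return stream.getvalue().splitlines()
```

A filter like this is a backstop: bare values containing spaces are only partly matched by the text pattern, so the primary control remains never passing the raw credential to a logging call.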
 

CatullusV

Well-known member
Joined
Jan 9, 2018
Messages
5,287
The passwords were being hashed with Bcrypt but the plaintext passwords were being logged. It is not the first time that plaintext passwords were available on a platform and it won't be the last. The statement from Twitter does not give any details about the time that the bug was in operation.
The platform I work on doesn't store passwords in any form. It uses the userid as a hash for their password and stores that. Authentication is reversed. Actually, strike that out. On production systems it is now MFA. A userid, a password and an associated RSA code. Cumbersome stuff.
 

