Twitter advises 330 Million users to change passwords after bug detected



CatullusV

Well-known member
Joined
Jan 9, 2018
Messages
8,566

jmcc

Well-known member
Joined
Jun 12, 2004
Messages
46,240
There's no reason at all to store passwords on a platform.
The passwords were being hashed with Bcrypt but the plaintext passwords were being logged. It is not the first time that plaintext passwords were available on a platform and it won't be the last. The statement from Twitter does not give any details about the time that the bug was in operation.
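An added example, not part of jmcc's post and not Twitter's code: a Python `logging` filter that masks credential fields before a handler writes them, as a backstop for the kind of bug described above, where the stored value is hashed but the plaintext reaches a log first. The field names, logger name and sample records are assumptions constructed for illustration.

```python
import logging
import re

# Assumed field names; extend to match the application's own parameters.
SENSITIVE_KEYS = ("password", "passwd", "pwd", "secret", "token")
MASK = "[REDACTED]"

# Matches key=value, key: value and 'key': 'value'; key may have affixes.
_PATTERN = re.compile(
    r"""(["']?\w*(?:%s)\w*["']?\s*[=:]\s*)("[^"]*"|'[^']*'|[^\s,&;}]+)"""
    % "|".join(SENSITIVE_KEYS),
    re.IGNORECASE,
)


class RedactSecrets(logging.Filter):
    """Mask credential values before any handler writes the record."""
    def filter(self, record):
        # Render msg % args first so secrets passed as arguments are caught.
        rendered = record.getMessage()
        record.msg = _PATTERN.sub(lambda m: m.group(1) + MASK, rendered)
        record.args = ()
        return True


class ListHandler(logging.Handler):
    # Stand-in for a file or syslog handler; keeps formatted lines in memory.
    def __init__(self):
        super().__init__()
        self.lines = []

    def emit(self, record):
        self.lines.append(self.format(record))


def demo():
    handler = ListHandler()
    # Attach to the handler, not the logger: logger-level filters are
    # skipped for records that propagate up from child loggers.
    handler.addFilter(RedactSecrets())
    log = logging.getLogger("signup_demo")  # hypothetical logger name
    log.setLevel(logging.INFO)
    log.propagate = False
    log.addHandler(handler)
    form = {"username": "alice", "password": "correct horse"}  # constructed
    log.info("signup request: %s", form)  # the bug: raw form logged pre-hash
    log.info("login attempt user=alice password=hunter2 ip=192.0.2.10")
    log.removeHandler(handler)
    return handler.lines
```

Pattern-based masking only catches the field names it knows about, so it complements rather than replaces keeping the credential out of the logging call in the first place.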
 

CatullusV

Well-known member
Joined
Jan 9, 2018
Messages
8,566
The passwords were being hashed with Bcrypt but the plaintext passwords were being logged. It is not the first time that plaintext passwords were available on a platform and it won't be the last. The statement from Twitter does not give any details about the time that the bug was in operation.
The platform I work on doesn't store passwords in any form. It uses the userid as a hash for their password and stores that. Authentication is reversed. Actually, strike that out. On production systems it is now MFA. A userid, a password and an associated RSA code. Cumbersome stuff.
 

