Twitter notifies security warnings that may leak user passwords due to encryption issues
Twitter, a well-known social networking site, began an announcement yesterday evening recommending that users update their passwords because of some unexpected errors in the Twitter backend support system. But then Twitter again issued security warnings requiring users to update their passwords as soon as possible and also to replace all accounts and passwords that have the same password with Twitter.
It seems that the seriousness of the security incident is still somewhat high, or else Twitter cannot recommend the user to change the password and change all accounts. The reason for this security incident is that Twitter is using a hashing algorithm called BCRYPT to replace letters and numbers in the user’s password.
After the new algorithm is encrypted, the string strength is higher and is not easily cracked. At the same time, the user can directly log in Twitter’s service by hashing the hash. However, due to an error, the clear text password recorded by the server is not encrypted before it is written to the internal log. Obviously, the plain text password has a very high-security threat.
Twitter is mainly worried that the plaintext password log written by the server may be seen by the company’s internal developers, and therefore strongly urges the user to change the password.
It is now known that Twitter engineers can access plaintext passwords, but whether engineers have checked plaintext passwords or leaked logs is unknown.
Therefore, the company is still conducting a security audit to assess potential threats, while the temporary tweeting is not mandatory and must actively replace the new password.
Users who use Twitter for security purposes should continue to pay attention to this security incident. If necessary, they need to replace all the same account passwords.