Tech

Twitter password drama: time to change your passwords

Time to update your passwords folks. Twitter has announced this morning that they’ve discovered a “bug” in their system which had every single twitter account password stored in plain text unencrypted.

When you create a password on any service, it is normally stored in a format that at a glance is not your actual password. It’s a process called “Hashing” which allows the system to authenticate you, but doesn’t allow – for example – a system engineer to look at the database and see everyone’s passwords.

Turns out, Twitter had a log file on a computer where all the user passwords were stored in plain text, before the hashing process.

Ooops. That’s not a bug, it’s a programming mistake.

And while no dates have been revealed as part of the statement, we can assume that every single account for all time has been part of this “bug”

Stupidly, Twitter’s Chief Technology Officer (CTO) Parag Agrawal tweeted that the company “didn’t have to” reveal this:

Likely after much outrage, he corrected himself in a small way:

Bottom line, there’s no evidence your password has been obtained by any external party – but – there’s no way they will ever know if a rogue employee took a copy of them all.

As a precaution – change your password. On Twitter, and on any other site where you used that same password.

Trevor Long( Editor )

Trev is a Technology Commentator, Dad, Speaker and Rev Head.

He produces and hosts several popular podcasts, EFTM, Two Blokes Talking Tech, Two Blokes Talking Electric Cars, The Best Movies You’ve Never Seen, and the Private Feed. He is the resident tech expert for Triple M on radio across Australia, and is the resident Tech Expert on Channel 9’s Today Show and appears regularly on 9 News, A Current Affair and Sky News Early Edition.

Father of three, he is often found in his Man Cave.

Like this post? Buy Trev a drink!