Twitter urges all users to change passwords after glitch

(Reuters) - Twitter Inc urged its more than 330 million users to change their passwords after a glitch caused some to be stored in readable text on its internal computer system rather than disguised by a process known as "hashing".

The social network disclosed the issue in a blog post and series of Tweets on Thursday afternoon, saying it had resolved the problem and an internal investigation had found no indication passwords were stolen or misused by insiders. Still, it urged all users to consider changing their passwords.

"We fixed the bug and have no indication of a breach or misuse by anyone," Chief Executive Jack Dorsey said in a Tweet. "As a precaution, consider changing your password on all services where you’ve used this password."

The blog did not say how many passwords were affected. A person familiar with the company's response said the number was "substantial" and that they were exposed for "several months."

Tips for better passwords
See Gallery
Tips for better passwords

Be unique

Countless hacks have found many internet users tend to rely on simple phrases that are easily cracked. "Facebook" for a Facebook password and "LinkedIn123" for LinkedIn. Instead, use words phrases that are unique to your life, so they are easy to remember, but less easy to crack. 

REUTERS/Pawel Kopczynski 

Don't just use letters

Many sites require numbers and/or special characters in passwords these days, and for good reason. Passwords that only use letters are easier to figure out.


Go long

The longer your password, the better. Shorter passwords are easier for hackers to crack using high-powered computers. The longer the password, the longer it takes to crack, which means most will give up. 


Change your passwords

For the most secure accounts that you need protected, changing passwords regularly can help prevent a security breach. 


Don't use details people could know

While numbers are great additions to passwords, hackers could easily figure out the four digits of your birthday. Top security experts suggest ignoring dates entirely. (Shutterstock)

Pay attention to password reset questions too

Mitt Romney fell victim to a hacker when one was able to guess the name of his favorite pet and used it to retrieve and reset his email password in 2012. Stick with information that as few people as possible are likely to know


Use Password Managers

These services add an extra step into your password process, but they generate nearly crack-proof strings of alphanumeric combinations that are often at least 12-characters long. 

(David Muir via Getty Images)

Avoid using them on stranger computers

Computer used at a library or even a friend's house could have malware that steals your passwords.



The disclosure comes as lawmakers and regulators around the world scrutinize the way that companies store and secure consumer data, after a string of security incidents at Equifax Inc, Facebook Inc and Uber Technologies Inc [UBER.UL].

The European Union is due later this month to start enforcing a strict new privacy law, the General Data Protection Regulation, that includes steep fees for violators.

Twitter discovered the bug a few weeks ago and has reported it to some regulators, said the person, who was not authorized to discuss the matter publicly.

The U.S. Federal Trade Commission, which investigates companies accused of deceptive practices related to data security, declined comment on the password glitch.

The agency settled with Twitter in 2010 over accusations the site had “serious lapses” in data security that let hackers access private user data on two occasions. The settlement called for audits of Twitter's data security program every other year for 10 years.

The glitch was related to Twitter's use of "hashing" and caused passwords to be written on an internal computer log before the scrambling process was completed, the blog said.  

"We are very sorry this happened," the Twitter blog said.

Twitter's share price was down 1 percent in extended trade at $30.35, after gaining 0.4 percent during the session.

The company advised users to take precautions to ensure that their accounts are safe, including changing passwords and enabling Twitter's two-factor authentication service to help prevent accounts from being hijacked.

(Reporting by Jim Finkle in Toronto; Additional reporting by Diane Bartz in Washington; editing by Susan Thomas and Bill Rigby)

Read Full Story