Standard User RobertoS
(elder) Thu 03-May-18 22:30:21

Twitter advising everyone to change passwords


 
Twitter has warned its 330 million users to change their passwords after a glitch exposed some in plain text on its internal network.

The social network said an internal investigation had found no indication passwords were stolen or misused by insiders.

However, it still urged all users to consider changing their passwords "out of an abundance of caution".
Link.

I don't think I'll bother.

My broadband basic info/help site - www.robertos.me.uk. Domains, site and mail hosting - Tsohost.
Connection - AAISP Home::1 80/20. 200GB. Sync 67717/13670Kbps @ 600m. BQMs - IPv4 & IPv6

Edited by RobertoS (Thu 03-May-18 22:30:48)

Standard User PaulKirby
(knowledge is power) Thu 03-May-18 22:57:00

Re: Twitter advising everyone to change passwords


[re: RobertoS]
 
In reply to a post by RobertoS:
I don't think I'll bother.

I use 2-Step and also use a completely random made-up password not used anywhere else along with its own email address, so unless they also have my phone they are not getting in.

Also the only people that would see those logged passwords would be Twitter Staff.

Paul

BTBroadband - Ultrafast 2 + FVA
Exchange Name: Ilford Central (LNILC) Cabinet: 24
TBB Speedtest IPv4 | TBB Speedtest IPv6 | Ookla Speedtest | Linksys WRT 3200 ACM (BQM)
Standard User RobertoS
(elder) Thu 03-May-18 23:56:29

Re: Twitter advising everyone to change passwords


[re: PaulKirby]
 
Leaks only occur from staff or contractors.

My broadband basic info/help site - www.robertos.me.uk. Domains, site and mail hosting - Tsohost.
Connection - AAISP Home::1 80/20. 200GB. Sync 67717/13670Kbps @ 600m. BQMs - IPv4 & IPv6



Standard User ian72
(eat-sleep-adslguide) Fri 04-May-18 08:26:31

Re: Twitter advising everyone to change passwords


[re: RobertoS]
 
Luckily I fixed all my problems with Twitter leaking passwords over a year ago. I deleted my account ;)

Plus the username and password for it were unique to Twitter so even if our friends at Twitter didn't delete the data it isn't going to do anyone any good.
Standard User MHC
(sensei) Fri 04-May-18 08:51:48

Re: Twitter advising everyone to change passwords


[re: PaulKirby]
 
So, they are storing passwords unencrypted ... why? And if they are visible to staff, how long before a hacker gains access to them?

And as passwords can be classed as personal data, then surely there is a potential breach of data protection.


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

M H C


taurus excreta cerebrum vincit
Standard User PaulKirby
(knowledge is power) Fri 04-May-18 08:54:13

Re: Twitter advising everyone to change passwords


[re: MHC]
 
In reply to a post by MHC:
So, they are storing passwords unencrypted ... why? And if they are visible to staff, how long before a hacker gains access to them?

And as passwords can be classed as personal data, then surely there is a potential breach of data protection.

No, they hash them with Blowfish, but put the logging before it hashed them, so the logs showed the passwords.

Paul

BTBroadband - Ultrafast 2 + FVA
Exchange Name: Ilford Central (LNILC) Cabinet: 24
TBB Speedtest IPv4 | TBB Speedtest IPv6 | Ookla Speedtest | Linksys WRT 3200 ACM (BQM)
Standard User GonePostal
(member) Fri 04-May-18 11:06:10

Re: Twitter advising everyone to change passwords


[re: PaulKirby]
 
So for as long as the log is stored they are storing passwords unencrypted then. Looks like M H C has a valid point even if they are only stored for a short period of time. After all, if the logs were not stored, how did Twitter know there were unencrypted passwords in their system?
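
The failure mode discussed in the two posts above (a request logged before the password is hashed, so the log itself becomes a plaintext store), shown as an added example that is not part of the thread and not Twitter's code. The field names, logger names and the use of PBKDF2 as a stand-in hash are assumptions made for illustration.

```python
import hashlib
import io
import logging
import os

SENSITIVE_KEYS = {"password", "new_password", "token"}  # assumed field names


class RedactSecrets(logging.Filter):
    """Mask sensitive fields in dict log arguments before any handler sees them."""

    def filter(self, record):
        if isinstance(record.args, dict):
            record.args = {k: "[REDACTED]" if k in SENSITIVE_KEYS else v
                           for k, v in record.args.items()}
        return True


def make_logger(name, redact):
    """Return (logger, buffer); the buffer stands in for a log file on disk."""
    buf = io.StringIO()
    logger = logging.getLogger(name)
    logger.handlers.clear()
    logger.filters.clear()
    logger.setLevel(logging.INFO)
    logger.propagate = False
    logger.addHandler(logging.StreamHandler(buf))
    if redact:
        logger.addFilter(RedactSecrets())
    return logger, buf


def signup(logger, form):
    # The bug discussed in the thread: the request is logged BEFORE hashing.
    logger.info("signup user=%(user)s password=%(password)s", form)
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", form["password"].encode(), salt, 100_000)
    return salt, digest  # only this pair should ever be stored


def run_demo(password="correct-horse-constructed"):
    form = {"user": "alice", "password": password}  # constructed sample input
    out = {}
    for name, redact in (("leaky", False), ("hardened", True)):
        logger, buf = make_logger(name, redact)
        signup(logger, form)
        out[name] = buf.getvalue()
    return out
```

The filter is a safety net for log statements that slip through review; the primary fix is still not to pass credential fields to the logger at all.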
Standard User PaulKirby
(knowledge is power) Fri 04-May-18 19:40:31

Re: Twitter advising everyone to change passwords


[re: GonePostal]
 
In reply to a post by GonePostal:
So for as long as the log is stored they are storing passwords unencrypted then. Looks like M H C has a valid point even if they are only stored for a short period of time. After all, if the logs were not stored, how did Twitter know there were unencrypted passwords in their system?

This might be true, I think they saw it when they did some looking into some server issues they had a little while back, this was probably when they saw it.
I know they said as soon as they noticed this they updated the site to resolve the security issue.

Sure it was a security issue, but most people including myself were fine due to using 2-Step login, so even if they get my password (which is random characters just for Twitter) they would also need my phone to log in.

Paul

BTBroadband - Ultrafast 2 + FVA
Exchange Name: Ilford Central (LNILC) Cabinet: 24
TBB Speedtest IPv4 | TBB Speedtest IPv6 | Ookla Speedtest | Linksys WRT 3200 ACM (BQM)
Standard User RobertoS
(elder) Fri 04-May-18 19:43:31

Re: Twitter advising everyone to change passwords


[re: PaulKirby]
 
How do you know that most people use 2-step login? Or have they said so?

My broadband basic info/help site - www.robertos.me.uk. Domains, site and mail hosting - Tsohost.
Connection - AAISP Home::1 80/20. 200GB. Sync 67717/13670Kbps @ 600m. BQMs - IPv4 & IPv6
Standard User PaulKirby
(knowledge is power) Fri 04-May-18 20:04:13

Re: Twitter advising everyone to change passwords


[re: RobertoS]
 
In reply to a post by RobertoS:
How do you know that most people use 2-step login? Or have they said so?

Well it was an assumption, best practices etc, plus everyone I know that goes online uses 2-Step to log in wherever it's supported.
Whether it being an SMS with a code or the use of an Authenticator, they use it.

Now are there people that don't use 2-Step to log in, yes there probably are.

But it only takes a few mins to set up and an extra step to take when you log in the first time after activating it or if you log in from a new device or when you link services to it, but that is no reason why you shouldn't add this extra security level to protect your account.

Paul

BTBroadband - Ultrafast 2 + FVA
Exchange Name: Ilford Central (LNILC) Cabinet: 24
TBB Speedtest IPv4 | TBB Speedtest IPv6 | Ookla Speedtest | Linksys WRT 3200 ACM (BQM)