General Discussion
  >> General Broadband Chatter


Register (or login) on our website and you will not see this ad.


Pages in this thread: 1 | 2 | 3 | (show all)   Print Thread
Standard User RobertoS
(elder) Thu 03-May-18 22:30:21
Print Post

Twitter advising everyone to change passwords


[link to this post]
 
Twitter has warned its 330 million users to change their passwords after a glitch exposed some in plain text on its internal network.

The social network said an internal investigation had found no indication passwords were stolen or misused by insiders.

However, it still urged all users to consider changing their passwords "out of an abundance of caution".
Link.

I don't think I'll bother.

My broadband basic info/help site - www.robertos.me.uk. Domains, site and mail hosting - Tsohost.
Connection - AAISP Home::1 80/20. 200GB. Sync 67717/13670Kbps @ 600m. BQMs - IPv4 & IPv6

Edited by RobertoS (Thu 03-May-18 22:30:48)

Standard User PaulKirby
(knowledge is power) Thu 03-May-18 22:57:00
Print Post

Re: Twitter advising everyone to change passwords


[re: RobertoS] [link to this post]
 
In reply to a post by RobertoS:
I don't think I'll bother.

I use 2-Step and also use a complete random made up password not used anywhere else along with its own email address, so unless they also have my phone they are not getting in.

Also the only people that would see those logged passwords would be Twitter Staff.

Paul

BTBroadband - Ultrafast 2 + FVA
Exchange Name: Ilford Central (LNILC) Cabinet: 24
TBB Speedtest IPv4 | TBB Speedtest IPv6 | Ookla Speedtest | Linksys WRT 3200 ACM (BQM)
Standard User RobertoS
(elder) Thu 03-May-18 23:56:29
Print Post

Re: Twitter advising everyone to change passwords


[re: PaulKirby] [link to this post]
 
Leaks only occur from staff or contractors.

My broadband basic info/help site - www.robertos.me.uk. Domains, site and mail hosting - Tsohost.
Connection - AAISP Home::1 80/20. 200GB. Sync 67717/13670Kbps @ 600m. BQMs - IPv4 & IPv6


Register (or login) on our website and you will not see this ad.

Standard User ian72
(eat-sleep-adslguide) Fri 04-May-18 08:26:31
Print Post

Re: Twitter advising everyone to change passwords


[re: RobertoS] [link to this post]
 
Luckily I fixed all my problems with Twitter leaking passwords over a year ago. I deleted my account wink

Plus the username and password for it were unique to Twitter so even if our friends at Twitter didn't delete the data it isn't going to do anyone any good.
Standard User MHC
(sensei) Fri 04-May-18 08:51:48
Print Post

Re: Twitter advising everyone to change passwords


[re: PaulKirby] [link to this post]
 
So, they are storing passwords unencrypted ... why? And if they are visible to staff, how long before a hacker gains access to them?

And as passwords can be classed as personal data, then surely there is a potential breach of data protection.


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

M H C


taurus excreta cerebrum vincit
Standard User PaulKirby
(knowledge is power) Fri 04-May-18 08:54:13
Print Post

Re: Twitter advising everyone to change passwords


[re: MHC] [link to this post]
 
In reply to a post by MHC:
So, they are storing passwords unencrypted ... why? And if they are visible to staff, how long before a hacker gains access to them?

And as passwords can be classed as personal data, then surely there is a potential breach of data protection.

No, they hash them with blowfish, but put the log before it hashed it, so the logs showed the passwords.

Paul

BTBroadband - Ultrafast 2 + FVA
Exchange Name: Ilford Central (LNILC) Cabinet: 24
TBB Speedtest IPv4 | TBB Speedtest IPv6 | Ookla Speedtest | Linksys WRT 3200 ACM (BQM)
Standard User GonePostal
(member) Fri 04-May-18 11:06:10
Print Post

Re: Twitter advising everyone to change passwords


[re: PaulKirby] [link to this post]
 
So for as long as the log is stored they are storing passwords unencrypted then. Looks like M H C has a valid point even if they are only stored for a short period time. After all, if the logs were not stored, how did Twitter know there were unencrypted passwords in their system?
Standard User PaulKirby
(knowledge is power) Fri 04-May-18 19:40:31
Print Post

Re: Twitter advising everyone to change passwords


[re: GonePostal] [link to this post]
 
In reply to a post by GonePostal:
So for as long as the log is stored they are storing passwords unencrypted then. Looks like M H C has a valid point even if they are only stored for a short period time. After all, if the logs were not stored, how did Twitter know there were unencrypted passwords in their system?

This might be true, I think they saw it when they did some looking into some server issues they had a little while back, this was probably when they saw it.
I know they said as soon as they noticed this they updated the site to resolve the security issue.

Sure it was a security issue, but most people including myself were fine due to using 2-Step login, so even if they get my password (which is random characters just for Twitter) they would also need my phone to login.

Paul

BTBroadband - Ultrafast 2 + FVA
Exchange Name: Ilford Central (LNILC) Cabinet: 24
TBB Speedtest IPv4 | TBB Speedtest IPv6 | Ookla Speedtest | Linksys WRT 3200 ACM (BQM)
Standard User RobertoS
(elder) Fri 04-May-18 19:43:31
Print Post

Re: Twitter advising everyone to change passwords


[re: PaulKirby] [link to this post]
 
How do you know that most people use 2-step login? Or have they said so?

My broadband basic info/help site - www.robertos.me.uk. Domains, site and mail hosting - Tsohost.
Connection - AAISP Home::1 80/20. 200GB. Sync 67717/13670Kbps @ 600m. BQMs - IPv4 & IPv6
Standard User PaulKirby
(knowledge is power) Fri 04-May-18 20:04:13
Print Post

Re: Twitter advising everyone to change passwords


[re: RobertoS] [link to this post]
 
In reply to a post by RobertoS:
How do you know that most people use 2-step login? Or have they said so?

Well it was an assumption, best practices etc, plus everyone I know that go online are all using uses 2-Step to login where ever its supported.
Whether it being an SMS with a code or the use of an Authenticator, they use it.

Now are there people that don't use 2-Step to log in, yes there probably are.

But it only takes a few mins to set up and an extra step to take when you login the first time after activating it or if you login from a new device or when you link services to it, but that is no reason why you shouldn't add this extra security level to protect your account.

Paul

BTBroadband - Ultrafast 2 + FVA
Exchange Name: Ilford Central (LNILC) Cabinet: 24
TBB Speedtest IPv4 | TBB Speedtest IPv6 | Ookla Speedtest | Linksys WRT 3200 ACM (BQM)
Standard User Vorlon
(fountain of knowledge) Sun 06-May-18 17:43:23
Print Post

Re: Twitter advising everyone to change passwords


[re: RobertoS] [link to this post]
 
I still find it amazing that many often use only one possible two passwords across the whole range of login's they use internet wise.

Personally I'd always change a password in light of a company admitting to a possible breach. In my mind, it doesn't take long to update and can save you a whole bunch of hassle even if that's down the line.
Standard User PaulKirby
(knowledge is power) Sun 06-May-18 21:57:29
Print Post

Re: Twitter advising everyone to change passwords


[re: Vorlon] [link to this post]
 
In reply to a post by Vorlon:
I still find it amazing that many often use only one possible two passwords across the whole range of login's they use internet wise.

Personally I'd always change a password in light of a company admitting to a possible breach. In my mind, it doesn't take long to update and can save you a whole bunch of hassle even if that's down the line.

Agreed, I use different email addresses made specially for that service and use different random passwords for each.
So if one gets leaked I only have to change just the one password.

I was forced to change my Twitter password the other day and yes, it only took a couple of mins to do.

Paul

BTBroadband - Ultrafast 2 + FVA
Exchange Name: Ilford Central (LNILC) Cabinet: 24
TBB Speedtest IPv4 | TBB Speedtest IPv6 | Ookla Speedtest | Linksys WRT 3200 ACM (BQM)
Standard User MHC
(sensei) Mon 07-May-18 09:09:33
Print Post

Re: Twitter advising everyone to change passwords


[re: Vorlon] [link to this post]
 
In reply to a post by Vorlon:
I still find it amazing that many often use only one possible two passwords across the whole range of login's they use internet wise.


What is wrong with having just one or two? I am sure there are services based in Russia, India, Nigeria etc where you just give them all your logins along wit te compromised password and they will update all of them for you. They might even do it free!


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

M H C


taurus excreta cerebrum vincit
Standard User Zadeks
(experienced) Mon 07-May-18 11:44:23
Print Post

Re: Twitter advising everyone to change passwords


[re: RobertoS] [link to this post]
 
Bet they don't.

https://www.theregister.co.uk/2018/01/17/no_one_uses...
Standard User PaulKirby
(knowledge is power) Mon 07-May-18 11:52:48
Print Post

Re: Twitter advising everyone to change passwords


[re: Zadeks] [link to this post]
 
In reply to a post by Zadeks:
Bet they don't.

https://www.theregister.co.uk/2018/01/17/no_one_uses...

Well I must be one of the 10% then because I do, well where I can that is.

Paul

BTBroadband - Ultrafast 2 + FVA
Exchange Name: Ilford Central (LNILC) Cabinet: 24
TBB Speedtest IPv4 | TBB Speedtest IPv6 | Ookla Speedtest | Linksys WRT 3200 ACM (BQM)

Edited by PaulKirby (Mon 07-May-18 11:53:14)

Standard User Michael_Chare
(fountain of knowledge) Mon 07-May-18 15:24:09
Print Post

Re: Twitter advising everyone to change passwords


[re: PaulKirby] [link to this post]
 
How were you forced to change?

Michael Chare
Standard User PaulKirby
(knowledge is power) Mon 07-May-18 15:38:25
Print Post

Re: Twitter advising everyone to change passwords


[re: Michael_Chare] [link to this post]
 
In reply to a post by Michael_Chare:
How were you forced to change?

The change password window popped up and I couldn't progress to the main page.
Its fine it was due for change anyhow.

Paul

BTBroadband - Ultrafast 2 + FVA
Exchange Name: Ilford Central (LNILC) Cabinet: 24
TBB Speedtest IPv4 | TBB Speedtest IPv6 | Ookla Speedtest | Linksys WRT 3200 ACM (BQM)
Standard User Michael_Chare
(fountain of knowledge) Mon 07-May-18 19:32:19
Print Post

Re: Twitter advising everyone to change passwords


[re: PaulKirby] [link to this post]
 
Thank you. I don't use Twitter very much possibly not in the past 6 months, but when I did log in today I was not forced to change my password

Michael Chare
Standard User PaulKirby
(knowledge is power) Tue 08-May-18 01:40:32
Print Post

Re: Twitter advising everyone to change passwords


[re: Michael_Chare] [link to this post]
 
In reply to a post by Michael_Chare:
Thank you. I don't use Twitter very much possibly not in the past 6 months, but when I did log in today I was not forced to change my password

Maybe you wasn't affected by it due to you not using it much, I use Twitter everyday, so if the logs are only kept for a very short time I would of been affected by this issue.

Paul

BTBroadband - Ultrafast 2 + FVA
Exchange Name: Ilford Central (LNILC) Cabinet: 24
TBB Speedtest IPv4 | TBB Speedtest IPv6 | Ookla Speedtest | Linksys WRT 3200 ACM (BQM)
Standard User JohnR
(eat-sleep-adslguide) Tue 08-May-18 17:53:52
Print Post

Re: Twitter advising everyone to change passwords


[re: PaulKirby] [link to this post]
 
In reply to a post by PaulKirby:
In reply to a post by Michael_Chare:
How were you forced to change?

The change password window popped up and I couldn't progress to the main page.
Its fine it was due for change anyhow.

Paul


Must have been short lived as I have not used twitter for approx a year. Yet I was still signed in and tweeted with no prompts to change anything....
And YES I have had the email.

\_0-0_/ AdsL is Hell \_0-0_/
To Infinity
Wats SUP doc.... You using too much.....
Standard User Michael_Chare
(fountain of knowledge) Tue 08-May-18 20:17:18
Print Post

Re: Twitter advising everyone to change passwords


[re: PaulKirby] [link to this post]
 
That does sound reasonable. I think I can safely leave my password unchanged.

Michael Chare
Standard User Vorlon
(fountain of knowledge) Tue 08-May-18 20:34:09
Print Post

Re: Twitter advising everyone to change passwords


[re: Michael_Chare] [link to this post]
 
I tend to use 2 Step Login where I can and particularly where I know accounts are sought after and hence have value like Steam accounts.

Thinking back I had so many Computer games in nice large book sized boxes. Then came games on a CD, then DVD and now online.
My thinking is when they were in boxes you could perceive their value, but now all that value remains behind a password - scary really.
Standard User PaulKirby
(knowledge is power) Wed 09-May-18 00:36:03
Print Post

Re: Twitter advising everyone to change passwords


[re: JohnR] [link to this post]
 
In reply to a post by JohnR:
In reply to a post by PaulKirby:
In reply to a post by Michael_Chare:
How were you forced to change?

The change password window popped up and I couldn't progress to the main page.
Its fine it was due for change anyhow.

Paul


Must have been short lived as I have not used twitter for approx a year. Yet I was still signed in and tweeted with no prompts to change anything....
And YES I have had the email.

You got an email, I got no email, I use Twitter everyday, maybe I was just unlucky.

Paul

BTBroadband - Ultrafast 2 + FVA
Exchange Name: Ilford Central (LNILC) Cabinet: 24
TBB Speedtest IPv4 | TBB Speedtest IPv6 | Ookla Speedtest | Linksys WRT 3200 ACM (BQM)
Pages in this thread: 1 | 2 | 3 | (show all)   Print Thread

Jump to