Twitter asked all 336 million users to change passwords
Twitter urged its users to change their passwords. Service no one hacked, but some passwords in the system were stored in plaintext.
What happened?
According to the developers, Twitter uses the technology of password masking via hashing with the bcrypt function. However, they recently discovered an error that caused the passwords to be written to the internal journal as plain text. Only employees had access to it, and during the internal investigation the company found no signs of misuse.
According to sources Reuters, the bug remained unnoticed for several months. Only a couple of weeks ago, Twitter found a problem and notified some regulatory authorities.
To be reinsured, Twitter recommends changing passwords and, if possible, enabling two-factor authentication with sending a verification code in an SMS message or a special application such as Authy and Google Authenticator.
It seems that the team really does not really have serious concerns about the security of users. But in 2016, Twitter forcibly dropped passwords from 32 million accounts, whose database was sold in a darknet for 10 bitcoins (about $ 5,800 at that time). Even then, the data was received by hackers not as a result of hacking, but using a virus that abducted passwords from browsers on infected systems.
On the recent announcement of the results of the first quarter, Twitter reported an active monthly audience of 336 million people.