You Better Reset Your Twitter Password

DooKey

[H]F Junkie
Joined
Apr 25, 2001
Messages
13,500
Just a couple of days ago we posted news of GitHub leaving some of passwords in plain text within the internal logging system. Guess what? It has happened again and Twitter is the culprit. According to a blog post explaining things they say that a bug left passwords in plain text within the logging system before the passwords were hashed. Supposedly there hasn't been any sign of malicious use of these passwords, however, they recommend you change your password just in case.

Due to a bug, passwords were written to an internal log before completing the hashing process. We found this error ourselves, removed the passwords, and are implementing plans to prevent this bug from happening again.
 
So here is my problem with the whole renew passwords idea. Did they make sure that since they got to the server there are not any back doors active, which would make changing your passwords useless ;) .

I thought everyone uses encryption these days storing passwords for the last 10+ years or so.
 
So, here's a news flash.......don't use this shit and you're fine.

Never had an account and never will.
Same for Facebook (unless they start that dating service.......that seems soooooooooo cool........) Not........
 
I thought everyone uses encryption these days storing passwords for the last 10+ years or so.

Stored, yes. They set up logging on some authentication part, which had the passwords sent and stored in plain text... No indications of compromise yet, AFAIK.

I reset mine. Twitter makes for a good news feed if you follow the right people (I have some that are news worthy and others that are just a bunch of political BS, but still have some relevant content from time to time). Plus, [H] does automatic Twitter posts, I believe. Not that I miss anything on the front page, anyway. It's a page I visit multiple times a day.
 
Man, I don’t even know my password or use the damn service. They can have it maybe they’ll make me popular.
 
Done. I have changed my password from InW37rTre9 to 9y&)0L4[=*oH=[0B;Ncf:~u<-8(r;Ql9^jF5T@KFQjCpK30dM17t6w{sj%%i (or was it =Kwb2t$7O@s*;):B!&vJsTw+tD5,wIA,OmOO|-C:A'oad$[H*OxM9,Bs?:*M). Hopefully, that's strong enough. I have also set up two-factor authentication.
 
I don't give a shit, I don't tweet (and never will) anyway. I do it the old fashioned way. I stick my head out the window and yell "fuck off" to all my neighbors.
 
I don't give a shit, I don't tweet (and never will) anyway. I do it the old fashioned way. I stick my head out the window and yell "fuck off" to all my neighbors.
When you sometimes have some trouble with certain companies which like their public profile online important they tend to be more forthcoming then when directly communicating (phone or email).
 
Deleted my Twitter account long ago, didn't get any use so. It's just Trump keeping the stuff relevant.
 
Back
Top