DIY Photography

Your one stop shop for everything photo-video

  • News
  • Inspiration
  • Reviews
  • Tutorials
  • DIY
  • Gear
Search

Submit A Story

Twitter urges all users to change their passwords after major security bug

May 4, 2018 by John Aldred Leave a Comment

  • Share
  • Tweet
  • Flipboard
  • WhatsApp

This morning, along with roughly 330 million other people, I received an email from Twitter strongly suggesting that I change my password. They’re also advising that I change it on any other website I’ve ever used that password. The reason is that Twitter appears to be accidentally storing passwords in plain text. And they seem to have no idea how long it’s been happening.

When you set a password for your Twitter account, we use technology that masks it so no one at the company can see it. We recently identified a bug that stored passwords unmasked in an internal log. We have fixed the bug, and our investigation shows no indication of breach or misuse by anyone.

Out of an abundance of caution, we ask that you consider changing your password on all services where you’ve used this password. You can change your Twitter password anytime by going to the password settings page.

Twitter has become a great way for photographers to promote their work and connect with new clients, especially commercial clients. Many nude and boudoir photographers also use it to show off their work as Twitter doesn’t have the same rules regarding image censorship as platforms like Facebook and Instagram.

And they’re a large enough platform that when they suggest you change your password, you should probably listen. Although Twitter says that they have no reason to believe the plain text passwords were viewed or abused by anybody, they’re being extra cautious. The email describes the basic process of how passwords on their system are supposed to work, and what the bug was doing.

We mask passwords through a process called hashing using a function known as bcrypt, which replaces the actual password with a random set of numbers and letters that are stored in Twitter’s system. This allows our systems to validate your account credentials without revealing your password. This is an industry standard.

Due to a bug, passwords were written to an internal log before completing the hashing process. We found this error ourselves, removed the passwords, and are implementing plans to prevent this bug from happening again.

Twitter has not said how many passwords have been affected or how long it’s been going on. But the BBC reports that the number is “substantial” and that they were exposed for “several months”.

The email also offers some account security tips…

Tips on Account Security

Again, although we have no reason to believe password information ever left Twitter’s systems or was misused by anyone, there are a few steps you can take to help us keep your account safe:

  1. Change your password on Twitter and on any other service where you may have used the same password.
  2. Use a strong password that you don’t reuse on other services.
  3. Enable login verification, also known as two factor authentication. This is the single best action you can take to increase your account security.
  4. Use a password manager to make sure you’re using strong, unique passwords everywhere.

So, if you use Twitter to promote your photography, make sure to change your password. Change your password on anything else that uses the same password (especially if it’s associated with the same email address). It would also be a good time to check those 3rd party apps you’ve approved on your Twitter account.

Twitter also posted a copy of the email to their blog.

FIND THIS INTERESTING? SHARE IT WITH YOUR FRIENDS!

  • Share
  • Tweet
  • Flipboard
  • WhatsApp

Related posts:

A major Instagram security bug leaked users passwords as plain text Major Photos API bug on Facebook exposed 6.8 million users private photos 500px demands users reset their passwords after data breach Yahoo hacked, 500 million passwords stolen, change your Flickr password

Filed Under: news Tagged With: business of photography, social media, twitter

John Aldred: from diyphotography.net

About John Aldred

John Aldred is a photographer with over 20 years of experience in the portrait and commercial worlds. He is based in Scotland and has been an early adopter - and occasional beta tester - of almost every digital imaging technology in that time. As well as his creative visual work, John uses 3D printing, electronics and programming to create his own photography and filmmaking tools and consults for a number of brands across the industry.

« Three Nikon F to Sony E adapters go head to head. Which is best?
This is how to “photograph” with the sunlight by scorching wood »

Submit A Story

Get our FREE Lighting Book

DIYP lighting book cover

* download requires newsletter signup

Recent Comments

Free Resources

Advanced lighting book

Learn photography

Recent Posts

  • Samyang adds 100mm T2.3 to its compact autofocus cine prime lineup
  • Build your own DIY night vision camera with a Raspberry Pi
  • This adorable LEGO retro camera set hits the stores soon
  • Here are the cameras that shot Flickr’s best images
  • Meta AI image generator Imagine gets its own website

Udi Tirosh: from diyphotography.netUdi Tirosh is an entrepreneur, photography inventor, journalist, educator, and writer based in Israel. With over 25 years of experience in the photo-video industry, Udi has built and sold several photography-related brands. Udi has a double degree in mass media communications and computer science.

Alex Baker: from diyphotography.netAlex Baker is a portrait and lifestyle driven photographer based in Valencia, Spain. She works on a range of projects from commercial to fine art and has had work featured in publications such as The Daily Mail, Conde Nast Traveller and El Mundo, and has exhibited work across Europe

David Williams: from diyphotography.netDave Williams is an accomplished travel photographer, writer, and best-selling author from the UK. He is also a photography educator and published Aurora expert. Dave has traveled extensively in recent years, capturing stunning images from around the world in a modified van. His work has been featured in various publications and he has worked with notable brands such as Skoda, EE, Boeing, Huawei, Microsoft, BMW, Conde Nast, Electronic Arts, Discovery, BBC, The Guardian, ESPN, NBC, and many others.

John Aldred: from diyphotography.netJohn Aldred is a photographer with over 20 years of experience in the portrait and commercial worlds. He is based in Scotland and has been an early adopter - and occasional beta tester - of almost every digital imaging technology in that time. As well as his creative visual work, John uses 3D printing, electronics and programming to create his own photography and filmmaking tools and consults for a number of brands across the industry.

Dunja Djudjic: from diyphotography.netDunja Djudjic is a multi-talented artist based in Novi Sad, Serbia. With 15 years of experience as a photographer, she specializes in capturing the beauty of nature, travel, and fine art. In addition to her photography, Dunja also expresses her creativity through writing, embroidery, and jewelry making.

Copyright © DIYPhotography 2006 - 2023 | About | Contact | Advertise | Write for DIYP | Full Disclosure | Privacy Policy