[They] fixed the bug and have no indication of a breach or misuse by anyone. As a precaution, consider changing your password on all services where you’ve used this password.”
The bug came from an error in Twitter’s internal hashing process that encrypts passwords. This process malfunctioned, and passwords were being saved in plain text rather than their usual hashed format.
While it seems no data has been leaked, Twitter felt that it was still important to announce there was a data breach. Currently, there is no legislation that forces Twitter to make this announcement but, come May 25th GDPR will require companies to announce data leaks within 72 hours of discovery.
Moreover, this admission comes in direct contrast to what other firms have done in the past. Both Uber and Yahoo tried to cover up large-scale breaches; these breaches were only uncovered later by third parties.
If you’re worried that your company has hidden bugs, feel free to reach out and see how Secure Sense can solve your cybersecurity needs.
Don’t forget to register for our 4th annual Camp Secure Sense here. Camp Secure Sense is geared towards helping Canadian IT Security professionals improve their security practices, and better protect their organization. Don’t wait, Camp is over 90% booked!