Twitter Sets the Standard for Bug Reporting
Last Thursday (May 3rd) Twitter announced “[they] recently found a bug that stored passwords unmasked in an internal log.
[They] fixed the bug and have no indication of a breach or misuse by anyone. As a precaution, consider changing your password on all services where you’ve used this password.”
The bug came from an error in Twitter’s internal hashing process that encrypts passwords. This process malfunctioned, and passwords were being saved in plain text rather than their usual hashed format.
While it seems no data has been leaked, Twitter felt that it was still important to announce there was a data breach. Currently, there is no legislation that forces Twitter to make this announcement but, come May 25th GDPR will require companies to announce data leaks within 72 hours of discovery.
Moreover, this admission comes in direct contrast to what other firms have done in the past. Both Uber and Yahoo tried to cover up large-scale breaches; these breaches were only uncovered later by third parties.
If you’re worried that your company has hidden bugs, feel free to reach out and see how Secure Sense can solve your cybersecurity needs.
Secure Sense is the security provider that cares. We are a team of experts with a passion for IT and protecting your organization is what motivates us daily. If you have questions, want to learn more about our services or just want to chat security please give us a shout. If you’re looking to guest blog, please send an email here.
Don’t forget to register for our 4th annual Camp Secure Sense here. Camp Secure Sense is geared towards helping Canadian IT Security professionals improve their security practices, and better protect their organization. Don’t wait, Camp is over 90% booked!