Sina Technology News Beijing time in the early morning of May 4th, this Thursday, social media Twitter said it found a vulnerability in the company’s password storage, which means there may be a risk of leaked passwords for active users in 330 million Twitter months.
Twitter chief technology officer Parag Agrawal (Parag Agrawal) says that the user’s password is encrypted, that is, the external password is just a random number of numbers and letters. Recently, however, Twitter found that passwords recorded in cryptographic log files were not encrypted in hash value.
Twitter explained in a blog article: “because of a flaw, the user password will be written to an internal log file before encryption. We have discovered this problem ourselves and removed the unencrypted password records in the log file, and we are taking effective measures to prevent this kind of loopholes from appearing again.
Twitter said the company had mended the vulnerability, and did not think “the user’s password was leaked or abused by anyone”, but still suggested that the user modify the password of his Twitter account and open the two step.
Twitter did not publish the number of users affected by the vulnerability, but The Verge, the US technology media, pointed out that the number of affected users may be very large from the Twitter call for all users to modify their passwords.
According to sources, Twitter discovered the leak several weeks ago and reported it to regulators. But the Twitter spokesman refused to confirm it.
After the announcement, Twitter’s share price fell by 1% in the after hours trading. (small treasure)