Twitter discloses security vulnerability and recommends that 336 million users change their account passwords



On the evening of May 3rd, the social networking site Twitter released the above information through its official account, urging its 336 million users to change their passwords. Users who log in to Twitter see a security prompt, and clicking its link takes them to the password reset page. CNN's technology channel further advises that users who use the same password for Facebook, bank accounts and other online accounts should change those immediately.

According to a report on the 3rd by the US broadcaster CBS, the problem lies in Twitter's password hashing. In general, sensitive information such as a Twitter user's password should be scrambled before it is stored on the company's internal servers. For example, if a user chooses 123456 as a password, it will not appear as 123456 in the database on Twitter's servers, but is stored as a seemingly random combination of numbers and letters. This makes it possible to verify a user's login information without revealing the user's password, and is standard practice in the industry.

Twitter acknowledged in a statement that the company uses a hashing algorithm called bcrypt to store user passwords in hashed form, but that because of a vulnerability, users' passwords were stored in plain text before the hashing was completed. Twitter did not specify what the vulnerability was.

"We found this mistake ourselves, deleted the text passwords, and are taking measures to prevent this mistake from happening again," said Agrawal, chief technology officer of Twitter. Twitter did not say when the error was discovered.

TechCrunch, a well-known American technology blog, points out that it is unusual for a company like Twitter to make such a basic information security error. But it is also an opportunity to push users to take control of their own password security.
Users can choose two-factor authentication or use LastPass, 1Password and other password management tools to ensure that their accounts are not threatened even if the platform has security vulnerabilities.

Source: Surging News. Writer: Li Yiqing. Responsible editor: Huang Zhecheng.
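The storage practice the article describes, and the failure mode of keeping the password in clear text before hashing finishes, shown as an added example that is not Twitter's code. It substitutes PBKDF2-HMAC-SHA256 from the Python standard library for bcrypt, which the standard library does not provide; the iteration count, the field names and the `audit` list (a hypothetical intermediate record) are assumptions.

```python
import base64
import hashlib
import hmac
import os

ITERATIONS = 200_000  # assumed work factor for this example


def hash_password(password: str) -> str:
    """Return a storable record: scheme, cost, random salt, derived key."""
    salt = os.urandom(16)
    key = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return "$".join(["pbkdf2-sha256", str(ITERATIONS),
                     base64.b64encode(salt).decode(),
                     base64.b64encode(key).decode()])


def verify_password(password: str, record: str) -> bool:
    """Re-derive the key from the stored salt and compare in constant time."""
    try:
        scheme, iterations, salt_b64, key_b64 = record.split("$")
        if scheme != "pbkdf2-sha256":
            return False
        salt = base64.b64decode(salt_b64, validate=True)
        expected = base64.b64decode(key_b64, validate=True)
        key = hashlib.pbkdf2_hmac("sha256", password.encode(), salt,
                                  int(iterations))
    except ValueError:  # malformed record, bad base64 or bad cost value
        return False
    return hmac.compare_digest(key, expected)


SENSITIVE_FIELDS = {"password"}


def redact(form: dict) -> dict:
    """Copy of the form that is safe to persist before hashing completes."""
    return {k: "[REDACTED]" if k in SENSITIVE_FIELDS else v
            for k, v in form.items()}


def handle_signup(form: dict, audit: list) -> dict:
    """Hash the password; intermediate records only ever see redacted fields."""
    audit.append(repr(redact(form)))  # hypothetical intermediate record
    return {"user": form["user"],
            "password_hash": hash_password(form["password"])}
```
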