originally posted by: xuenchen
a reply to: roadgravel
I think they got caught and were "told" to publish an excuse.
Twitter has "announced" as many as 300 million user passwords have been visible to lots of employees because of a "bug"!!
originally posted by: roadgravel
They are saying they were writing passwords to a log during hashing.
originally posted by: DupontDeux
originally posted by: roadgravel
They are saying they were writing passwords to a log during hashing.
Yeah, kind of defeats the purpose of hashing, huh?
Weirdest bug ever - or a neat little tool to gather information by someone inside. I know which one I find most likely.
It's unclear exactly why user passwords were stored in plaintext before they were hashed. Twitter said that it stores user passwords with bcrypt, a stronger password hashing algorithm, but a bug meant that passwords were "written to an internal log before completing the hashing process."
...
A source familiar with the ongoing investigation told ZDNet that the internal log where user plaintext passwords were accidentally logged was found in an obscure place, and it's believed that the likelihood of someone finding it was low.