Hyderabad: The morning ritual of tweeple in India was altered on Friday, with Twitter urging its users to change their passwords and announcing that it had a file with the passwords of all users stored in plain text.
In a blog post, Twitter’s chief technology officer Parag Agrawal played down the incident, saying there was no evidence of a breach or misuse of passwords and that the passwords never left Twitter’s systems.
But as a precautionary measure, or “out of an abundance of caution”, Twitter almost immediately began notifying both mobile and desktop users to change their passwords, though the social media site claims to have deleted the file with the passwords.
Users can access Twitter as usual even if they don’t change their passwords, as Twitter says no data has been breached.
“It is a tricky situation, because especially in cyber security, stored passwords are never found in plain text. The moment it is unencrypted, security could be compromised. Changing a password is an added security measure,” said independent security researcher Srinivas Kodali.
Gaining access to the log means a person can practically take over a Twitter account and access data, personal messages and information including date of birth and phone numbers, which could be used for several purposes.
“Given access to such a file, an attacker can easily download Twitter data, personal messages, and potential companies can create programmes to traffic messages and run scripts to download user data for manipulation and other cybercrime,” said Kodali.
Twitter said it had removed all discrepancies and will prevent a recurrence of the bug. But experts have advised a change of password not only on Twitter, but on all accounts with the same password. Users should avoid using the password in future....