Time and time again, technical mistakes are made that result in bad actors grabbing sensitive data without detection, ultimately putting unsuspecting consumers at risk.
Twitter has taken responsibility by publicly disclosing this issue and notifying its users accordingly. Not all companies are as proactive.
Companies and consumers should invest in detection, early warning notifications and real-time alerts notifying them when credentials and sensitive PII are exposed.
Twitter is ringing in World Password Day by notifying its users, all 330 million of them, that their login credentials were left unencrypted in an internal log file and should be changed. CTO Parag Agrawal broke the news on Wednesday that the company's internal team had found that, while passwords are usually stored with encryption, something had caused at least one log to record them in plaintext. Twitter is stressing that the issue was found in-house by its own engineers, and that so far there are no indications of anyone outside the company being able to even view the file, let alone harvest the passwords.
