Twitter says your password — assuming you use Twitter and tweet — is possibly compromised. Twitter reported no hack, but passwords have been exposed. The company applied a fix and removed the non-encrypted passwords from the system, and it is working on a permanent fix to make sure it never happens again.
To ease your mind if you are a user, Twitter said an internal investigation is under way and “shows no indication of breach or misuse by anyone … [there is] no reason to believe password information ever left Twitter’s systems or was misused by anyone.”
Even with no compromise evident, Twitter suggests you change your password anyway.
While it’s nice of Twitter to warn you, the company is being heavily criticized. Phil Libin is a venture capitalist and startup business founder. He lashed out immediately and said there is no reason at all for a company to store passwords in plain text or in internal files.
In his tweet, Libin said, “This is not a breach. It’s significantly worse. This kind of bug seems grossly negligent at best. There’s no reason for a plaintext password to ever be written to a file. It’s not even the lazy way to code a password handler. It took effort to make this mistake.”
Twitter’s Chief Technology Officer Parag Agrawal fired back and said the company did not have to disclose the problem at all. However, it decided to share the information to help its users make an informed decision about their account.
Not only are companies — like Twitter — careless, but we are personally careless with passwords as well. A study by Munich Re’s The Hartford Steam Boiler Inspection (HSB) says 44% of us use one to five passwords to access all of our online applications.
Some of us use the same password for multiple accounts.
Even worse, HSB says we don’t store our passwords all that safely either. Instead of a secure password management app, we use a sticky note. HSB considers that practice very dangerous.
When HSB asked respondents whether they use a password organizer, it found some interesting facts:
• Just 16% use a password organizer
• 80% don’t
Many store their passwords in other places:
• Computer documents
• Slips of paper
• Emails they send to themselves
HSB Vice President Timothy Zeilman said one lady told him she kept her passwords on recipe cards. Another, a business owner, had universal passwords that were used by everyone in the company and written down in a place where everyone could see them.
He says passwords need to be strong and need to be stored in a secure or encrypted location. “Better yet, use passphrases, choosing random common words that don’t occur together in everyday speech,” he said.
To emphasize the problem, HSB said all you have to do is note how many people have been attacked and hacked. It’s 32% in the last 12 months. Carelessness, Zeilman said, is the reason.
• 81% said they had an unwanted virus or other software implanted
• That’s up from 69% a year ago
• 42% reported software or operating system damage
By the way, click here for a review of password protection apps. We aren’t endorsing any of them and recommend you do your research before getting one.
Source links: Business Insurance America, PropertyCasualty360.com