Twitter urges all users to change passwords after glitch

(Reuters) - Twitter Inc TWTR.N urged its more than 330 million users to change their passwords after a glitch caused some to be stored in readable text on its internal computer system rather than disguised by a process known as "hashing".

The social network disclosed the issue in a blog post and series of Tweets on Thursday afternoon, saying it had resolved the problem and an internal investigation had found no indication passwords were stolen or misused by insiders. Still, it urged all users to consider changing their passwords.

"We fixed the bug and have no indication of a breach or misuse by anyone," Chief Executive Jack Dorsey said in a Tweet. "As a precaution, consider changing your password on all services where you've used this password."

The blog did not say how many passwords were affected. A person familiar with the company's response said the number was "substantial" and that they were exposed for "several months."

The disclosure comes as lawmakers and regulators around the world scrutinize the way that companies store and secure consumer data, after a string of security incidents at Equifax Inc EFX.N, Facebook Inc FB.O and Uber Technologies Inc [UBER.UL].

The European Union is due later this month to start enforcing a strict new privacy law, the General Data Protection Regulation, that includes steep fees for violators.

Twitter discovered the bug a few weeks ago and has reported it to some regulators, said the person, who was not authorized to discuss the matter publicly.

The U.S. Federal Trade Commission, which investigates companies accused of deceptive practices related to data security, declined comment on the password glitch.

The agency settled with Twitter in 2010 over accusations the site had "serious lapses" in data security that let hackers access private user data on two occasions. The settlement called for audits of Twitter's data security program every other year for 10 years.

The glitch was related to Twitter's use of "hashing" and caused passwords to be written on an internal computer log before the scrambling process was completed, the blog said.

"We are very sorry this happened," the Twitter blog said.

Twitter's share price was down 1 percent in extended trade at $30.35, after gaining 0.4 percent during the session.

The company advised users to take precautions to ensure that their accounts are safe, including changing passwords and enabling Twitter's two-factor authentication service to help prevent accounts from being hijacked.

link: https://www.reuters.com/article/us-twitter-passwords/twitter-urges-all-users-to-change-passwords-after-glitch-idUSKBN1I42JG

ESSAY part

Introduction: should give a summary of the report that follows. Should contain a 'thesis statement' that gives your overall impression of the company's handling of the data breach. Should lead the reader through the rest of the report in a way that gives them a maximum amount of information in a minimal amount of space.

Body: should include some of the precise details of the breach, such as: data on users and how they were affected (put into a clear graph if this will help the reader interpret the data), quotes from company officials about their response to the data breach, quotes from any government regulators investigating the breach, information about the data that was leaked (e.g. sensitivity) and about any legal proceedings that followed from it (e.g. class action suits and damages awarded).

Conclusion: should be short and not just a summary of the paper. Should include your suggestions for what the company should do to: a) prevent another data breach; and b) restore customer confidence in the company.

Bibliography: Is not part of the word count. You should have at LEAST 3 sources - the more, the better. However, the sources should demonstrate that you did research - not that you simply listed as many articles as you could. Sources should be recognizable to the professor - no blogs or poorly sourced websites. The date of publication should be easy to find for any reliable source.

Your report should answer ALL the following question:

When and where was the breach? What is the background?

What was the cause of the breach (be specific)?

Who was affected and to what extent?

How severe were the effects of the data breach on the individuals affected?

Were there other potential effects (e.g. identity theft) that haven't been documented yet?

How did the company respond to the breach?

Was there anything the company failed to do that would have prevented it?

Did the company undertake any actions to prevent this (or similar things) from happening again?

Was there a public outcry over the company's response to the breach?

How did the company address the public's reaction (either afterwards or pre-emptively)?

What consequences did the company or individuals at the company suffer (firings, legal liabilities, etc.)?

What recommendations would you make to prevent a similar breach from occurring?

What did you learn from this short research?