logginggate

Logginggate: Twitter has been logging your password in plain text all this time… and this is not all of it!

Did you receive this email too? Twitter is telling us that despite the fact that they stored just the hashes of the passwords in their DB, they have been logging the plain text password in their backend. Stupid?! Hell yes! But the even more stupid thing is this: WHY DO THEY SEND THE PASSWORD IN PLAIN TEXT TO THEIR BACKEND? It would be enough to generate the password's hash on the client side and send only the hash to their server.

Now it all makes sense… In the past weeks they have been blocking accounts under the excuse that the user violated their usage rules. This is bullshit… I think they were just trying to piss people off so that they change their password.

And here is the relevant part in plain text:

About The Bug

We mask passwords through a process called hashing using a function known as bcrypt, which replaces the actual password with a random set of numbers and letters that are stored in Twitter's system. This allows our systems to validate your account credentials without revealing your password. This is an industry standard. Due to a bug, passwords were…
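The failure described above is a password reaching a backend log before it is hashed. One guard against it is to scrub credential fields at the logging layer, shown here as an added Python example (not code from this post or from Twitter); the key list, the `RedactSecrets` filter and the `login-demo` logger name are assumptions made for the illustration.

```python
import logging
import re

# Field names treated as secrets (assumed list; extend for your own request schema).
SENSITIVE_KEYS = ("password", "passwd", "new_password", "token")

# Matches key=value, key: value and "key": "value" forms for the sensitive keys.
_PATTERN = re.compile(
    r'(?i)(["\']?\b(?:%s)\b["\']?\s*[=:]\s*)("[^"]*"|\'[^\']*\'|[^\s&,;}]+)'
    % "|".join(map(re.escape, SENSITIVE_KEYS))
)

def redact(text):
    """Replace the value of every sensitive key in text with a fixed marker."""
    return _PATTERN.sub(lambda m: m.group(1) + "[REDACTED]", text)

class RedactSecrets(logging.Filter):
    """Logging filter that scrubs secrets before the handler writes the record."""
    def filter(self, record):
        # Render msg % args first so secrets passed as arguments are covered too.
        record.msg = redact(record.getMessage())
        record.args = None
        return True

def build_logger(stream):
    """Return a logger whose only handler writes redacted lines to stream."""
    logger = logging.getLogger("login-demo")
    logger.handlers.clear()
    logger.propagate = False
    logger.setLevel(logging.DEBUG)
    handler = logging.StreamHandler(stream)
    handler.addFilter(RedactSecrets())
    logger.addHandler(handler)
    return logger

if __name__ == "__main__":
    import io
    out = io.StringIO()
    log = build_logger(out)
    # Constructed sample request data, not real credentials.
    log.debug("login attempt user=%s password=%s", "alice", "hunter2")
    log.debug('request body: {"user": "alice", "password": "hunter2 x"}')
    print(out.getvalue(), end="")
```

A filter like this is a safety net: it only catches the key names and formats it knows about, so the primary control is still never passing raw credentials to a log call.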

