Yesterday, Jack Dorsey disclosed that more than 330,000,000 passwords had been left unencrypted on an internal Twitter server. The password change recommendation from Twitter that followed depicts a jumpy, anxious digital communications industry, says leading data and analytics company GlobalData.
The advice for 330 million users to change their passwords comes at a time when the digital communications industry is facing intense scrutiny over the storage and protection of personal data online, after a series of security breaches at Equifax, Facebook and Uber Technologies.
Emma Mohr-McClune, Service Director of Global Telecom Consumer Services, Platforms and Devices at GlobalData, says: “Most social media platforms, notably Twitter, have already made significant steps to identify and shut down tens of thousands of bots, as it’s now recognized that bot-driven public opinion hacking had a hand in the 2016 US Presidential election.”
The worry is that access to the passwords of millions of real Twitter accounts could give tomorrow’s democracy hackers the ultimate follow-up.
“It’s a digital doomsday scenario. But in this day and age, it’s one that we all – including Twitter – need to be taking seriously. As advised, users should change their passwords. But social media platforms should also be thinking about how to communicate the discovery of vulnerabilities in their security systems.”
Twitter CTO Parag Agrawal explained that, due to a bug, passwords were written to an internal log before the hashing process was completed.
However, there was never any indication that the file of users’ account passwords in question had been misplaced, stolen, or shared with a third party.
Mohr-McClune adds: “The fact that it existed at all triggered the kind of mass security warning most digital communications providers would prefer not to have to deliver at all, especially not while the Facebook data privacy scandal is still ongoing.”
Agrawal sent mixed messages regarding the password change recommendation, suggesting in one Tweet that the communication to users was probably surplus to requirement, but was nevertheless ‘the right thing to do’.
He retracted that in a later Tweet, saying: ‘I should not have said we didn’t have to share. I have felt strongly that we should. My mistake.’
“The episode is symptomatic of the extreme jumpiness in the digital industry sector right now. No one can afford another data breach scandal. It also points to the need for social media platform leadership to think through their public communications and password change recommendation processes for all vulnerability scenarios.”