Earlier this week, Twitter officially announced that a Twitter password hack was possible, and the company recommended that all users change their Twitter passwords immediately. The social network claimed that a Twitter password “bug” was responsible for storing all user passwords in plain text. However, political activist Kim Dotcom believes there is much more going on than what Twitter has officially announced.
“We recently found a bug that stored passwords unmasked in an internal log,” tweeted out Twitter Support.
“We fixed the bug and have no indication of a breach or misuse by anyone. As a precaution, consider changing your password on all services where you’ve used this password.”
Twitter’s CTO also encouraged users to create a new, strong password that they don’t use with any other online account, enable login verification, and use a password manager to make sure they’re using a unique, strong password that can’t be easily guessed.
The revelation surprised many (especially tech experts), since storing user passwords unmasked in plain text means that none of the Twitter passwords were being encrypted. Any malicious hackers who may have known about the Twitter password “bug” could have hacked any of the accounts owned by the 330 million or so Twitter users throughout the world. In response to this news, Twitter users were not happy, and #RIPTwitter quickly became the number one trending topic worldwide.
Kim Dotcom responded to the news by claiming that U.S. government spying could be the real motivation for why the Twitter passwords were left unencrypted by the social media giant.
“Apparently Twitter stored your password in clear text in an ‘Internal log’ undermining any encryption. Twitter claims this was an error,” wrote Kim Dotcom.
“Based on my data security experience I suggest this wasn’t an error but a deliberate effort to provide your passwords to US Govt agencies.”
In the resulting conversation, another Twitter user asked, “Why, if your assertion of collusion is correct, did they even tell us? Surely it would be smarter (and the corrupt government would demand) that no notification was generated.” Others suggested that Twitter’s leadership is doing “pre-emptive PR” by announcing the so-called Twitter password bug because of what happened to Facebook and Mark Zuckerberg in 2018.
The NSA spying scandal during the Obama administration rocked the trust that Americans have in their own government. In recent years, the NSA-CIA whistleblower scandal of 2017 included the allegation that former FBI Director James Comey was covering up a massive “wiretapping” program. The timing of the announcement of the Twitter password “bug” also happens to coincide with news of many other tech giants slamming the door on NSA spying by closing off encryption backdoors.
In the spring of 2018, a tech coalition which includes big names like Apple, Facebook, Google, Microsoft, Verizon, and Yahoo’s parent company Oath all criticized “new proposals to engineer [security/encryption] vulnerabilities into devices and services” so that the U.S. government could have access. In the past, all of the listed companies were “hit by allegations of complicity with the government’s surveillance efforts,” so the tech giants were fighting back because they believed the proposed vulnerabilities could be exploited by malicious hackers, not just the U.S. government’s spying programs.
“Weakening the security and privacy that encryption helps provide is not the answer,” said the group’s statement, according to ZDNet.
Clay Haynes on the power Twitter employees have: “It’s terrifying in my opinion…” “It’s very, very dangerous… also it’s very creepy Big Brother-ish”
— James O’Keefe (@JamesOKeefeIII) January 10, 2018
There are allegations that Twitter may have known about the so-called Twitter password hack for quite a while. Earlier in 2018, undercover reporters at Project Veritas posted a video showing Twitter senior network security engineer Clay Haynes talking about how Twitter keeps user data for law enforcement agencies.
“What we can do on our side is actually very terrifying. We have full access to every single person’s account, every single direct message, deleted direct messages, deleted tweets. I can tell you who exactly logged in from where, what username and password, when they changed their password. It’s very, very dangerous. Also, very, very, very creepy. Big Brother-ish.”
Some believe that Haynes was implying that Twitter passwords were not being encrypted since otherwise Twitter employees should not be able to access such information. When Twitter’s management was asked about the Project Veritas video, a Twitter spokesperson claimed that the “individual depicted in this video was speaking in a personal capacity and does not represent or speak for Twitter.”