Twitter is urging its more than 330 million users to change their passwords as the brand has identified a bug that stored passwords ‘unmasked’ in an internal log. The company has revealed that it has fixed the bug and internal investigation shows no indication of breach or misuse by anyone.
“Out of an abundance of caution, we ask that you consider changing your password on all services where you’ve used this password. You can change your Twitter password anytime by going to the password settings page,” the company said in a blog post.
The company identified the bug, which occurred during hashing process, which is an industry standard. Under this process, the company mask passwords through hashing or bcrypt, which basically replaces the actual password with a random set of numbers and letter that is then stored in Twitter’s system. This allows the systems to validate account credentials without revealing the password.
However, due to the bug, the passwords were written to an internal log before completing the hashing process. “We found this error ourselves, removed the passwords, and are implementing plans to prevent this bug from happening again,” the company said.
So, as precautionary measures, the brand has asked people to change their password on Twitter and on any other service where they may have used the same password. Users should choose a strong password and also enable two-factor authentication to increase the account security. “We are very sorry this happened. We recognize and appreciate the trust you place in us, and are committed to earning that trust every day,” the brand added.