Twitter tells all 330M users to change passwords after ‘bug’ discovered

Twitter is recommending that all of its users change their passwords after the company discovered a bug that exposed passwords on an internal system.

“We recently identified a bug that stored passwords unmasked in an internal log,” Twitter announced Thursday.

“Out of an abundance of caution, we ask that you consider changing your password on all services where you’ve used this password,” the company said. 

Twitter, which has over 330 million users globally, said an investigation turned up no evidence of “breach or misuse by anyone.” As a precaution, the company recommended users change their Twitter passwords and enable two-factor authentication to further protect their accounts.

Twitter uses bcrypt, a hashing function that converts passwords into one-way hashes before they are stored. This allows the company to validate account credentials without revealing the actual password.

But Twitter said Thursday that a glitch resulted in passwords being written to an internal log before the hashing function was complete—meaning that they were exposed on the company’s internal system. 
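
The failure mode described above, as an added example that is not Twitter's code: a request is logged before the password is hashed, and a log filter masks the secret field before it is written. The field names, function names and sample input are hypothetical, and PBKDF2 from Python's standard library stands in for bcrypt.

```python
import hashlib, hmac, io, logging, os

SENSITIVE_KEYS = {"password", "new_password", "current_password"}  # assumed field names

def scrub(value):
    """Return a copy of value with sensitive dict fields masked, recursing into nested data."""
    if isinstance(value, dict):
        return {k: "[REDACTED]" if str(k).lower() in SENSITIVE_KEYS else scrub(v)
                for k, v in value.items()}
    if isinstance(value, list):
        return [scrub(v) for v in value]
    return value

class RedactSecrets(logging.Filter):
    """Mask sensitive fields in log arguments before any handler formats them."""
    def filter(self, record):
        if isinstance(record.args, dict):      # logging unwraps a single dict argument
            record.args = scrub(record.args)
        elif isinstance(record.args, tuple):
            record.args = tuple(scrub(a) for a in record.args)
        return True

def hash_password(password, salt=None):
    # PBKDF2 is a stand-in here; the page says Twitter uses bcrypt.
    salt = salt or os.urandom(16)
    return salt, hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

def verify_password(password, salt, expected):
    """Validate a login attempt against the stored hash, in constant time."""
    return hmac.compare_digest(hash_password(password, salt)[1], expected)

def signup(logger, payload):
    logger.info("signup request %s", payload)  # runs before hashing: the risky step
    salt, digest = hash_password(payload["password"])
    return {"user": payload["user"], "salt": salt, "hash": digest}

def run_demo(with_filter):
    """Run one signup and return (captured log text, stored account record)."""
    stream = io.StringIO()
    logger = logging.getLogger(f"signup-demo-{with_filter}")
    logger.setLevel(logging.INFO)
    logger.propagate = False
    handler = logging.StreamHandler(stream)
    if with_filter:
        handler.addFilter(RedactSecrets())
    logger.handlers = [handler]
    account = signup(logger, {"user": "alice", "password": "correct horse"})  # constructed input
    return stream.getvalue(), account

if __name__ == "__main__":
    print(run_demo(False)[0], run_demo(True)[0], sep="")
```

The stored record holds only the salt and hash in both runs; the difference is whether the log line written before hashing still carries the plaintext.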

“We found this error ourselves, removed the passwords, and are implementing plans to prevent this bug from happening again,” the company said. 

“We are very sorry this happened,” Twitter said. “We recognize and appreciate the trust you place in us, and are committed to earning that trust every day.”

The revelation comes as social media companies, particularly Facebook, weather scrutiny for their data security and privacy practices as a result of controversy surrounding the data firm Cambridge Analytica.