Happy World Password Day!
Twitter is asking all of its 330 million users to change their passwords “out of an abundance caution” after it discovered a bug that stored passwords in an unprotected manner.
“When you set a password for your Twitter account, we use technology that masks it so no one at the company can see it. We recently identified a bug that stored passwords unmasked in an internal log,” wrote Paraga Agrawal, Twitter’s chief technology officer, in a blog post on Thursday.
I’m sorry that this happened, but am proud to work at a company that puts people who use our service first.
— Parag Agrawal (@paraga) May 3, 2018
The cause of the issue doesn’t appear to be a hack. Twitter says that there’s no evidence of a breach or misuse of data.
Agrawal says that, in accordance with industry standards, Twitter hashes its passwords using the bcrypt method, by which passwords are replaced with a alphanumeric string. However, the internal bug caused the passwords to be stored in plain text on an internal log before the hashing process, the company says.
“We found this error ourselves, removed the passwords, and are implementing plans to prevent this bug from happening again,” the CTO said.
The company is recommending that users change their passwords on Twitter as well as any other sites where they used the same password.