Twitter is asking all of its more than 330 million monthly active users to consider changing their passwords “out of an abundance of caution” after discovering an internal bug.
Chief technology officer Parag Agrawal wrote in a blog post that the company recently discovered a bug in its hashing process that caused passwords to be stored in plain text in Twitter’s internal logs. Hashing is the process of transforming passwords into a random-looking string of characters. Agrawal wrote that the bug caused the passwords to be “written to an internal log before completing the hashing process.”
Twitter says the bug was discovered internally, and has no reason to believe that anyone outside the company was able to gain access to the unmasked passwords. Regardless, the company is telling users to consider changing their passwords on Twitter, as well as any other website where they may have used their same Twitter password.
Agrawal ended the post with “We are very sorry this happened. We recognize and appreciate the trust you place in us, and are committed to earning that trust every day.”
The company only says that the bug was discovered “recently.” A Twitter spokesperson declined to comment to VentureBeat on when it was discovered, and who, if anyone, at the company was reprimanded for the incident.