Twitter is now urging all its 336 million users to change their passwords following a bug that exposed flimsy personal data storage.
Social media network Twitter announced Thursday the discovery of a bug which saved user passwords unprotected on an internal log. The company said that the issue has been fixed, but it still urges their more than 330 million users to update their passwords.
“We fixed the bug and have no indication of a breach or misuse by anyone,” Jack Dorsey, Twitter’s chief executive officer, said in a Tweet. “As a precaution, consider changing your password on all services where you’ve used this password.”
On the other hand, the company’s chief technology officer Parag Agrawal explained in a blog post what transpired and what people should do.
“We mask passwords through a process called hashing using a function known as bcrypt, which replaces the actual password with a random set of numbers and letters that are stored in Twitter’s system. This allows our systems to validate your account credentials without revealing your password. This is an industry standard,” Agrawal said.
Read More: How to Find the Top Hashtags on Twitter
“Due to a bug, passwords were written to an internal log before completing the hashing process. We found this error ourselves, removed the passwords, and are implementing plans to prevent this bug from happening again.”
According to a story released by Reuters, the bug was discovered a few weeks ago, and Twitter has already reported it to regulators. Although the company claims there are no signs that the password information has left Twitter’s system, the company is still urging everyone to keep their accounts safe by doing the following:
- Change your password on Twitter and on any other service where you may have used the same password.
- Use a strong password that you don’t reuse on other websites.
- Enable login verification, also known as two-factor authentication. This is the single best action you can take to increase your account security.
- Use a password manager to make sure you’re using strong, unique passwords everywhere.
“We are very sorry this happened. We recognize and appreciate the trust you place in us, and are committed to earning that trust every day,” Agrawal went on to say.