Twitter says all 336 million users should change their passwords
Twitter has recommended its 336 million users change their passwords.
The company announced on Thursday it discovered a bug that saved user passwords unprotected on an internal log.
Twitter said it has since fixed the issue. Although the company said there is no evidence passwords have been leaked or misused, it is urging its users to update their passwords.
“As a precaution, consider changing your password on all services where you’ve used this password,” the company tweeted.
The company protects user passwords via a process called hashing, which shows random characters in place of the actual passwords. But the detected bug stored the passwords in their original plain-text form to an “internal log.”
Twitter did not specify how many passwords were stored there.
The company declined to comment on when the bug was discovered, how long it had been storing passwords in this manner and how many passwords were affected. But it reiterated to CNN “this is not a breach.”
Twitter is prompting users to change their passwords via a pop-up window on the site that explains the nature of the bug and links to their Settings page.
The company also suggests widely recommended security tips, like turning on two-factor authentication, choosing unique passwords for every service, and using a password manager app to store them all.
CEO Jack Dorsey said in a tweet the company believed it was important to “be open about this internal defect.”
Meanwhile, Twitter CTO Parag Agrawal tweeted an apology for the issue.
“We are sharing this information to help people make an informed decision about their account security. We didn’t have to, but believe it’s the right thing to do,” he said.
After receiving criticism for saying Twitter didn’t have to go public with the breach, Argawal followed up with another apology.
“I should not have said we didn’t have to share. I have felt strongly that we should. My mistake,” he said.