Twitter urges users to change passwords
Twitter on Thursday urged its more than 300 million users to change their passwords, saying they had been unintentionally “unmasked” inside the company by a software bug.
Twitter practice is to store passwords encrypted, or “hashed,” so they are masked to even people inside the company, Twitter chief technology officer Parag Agrawal explained in a blog post.
“Due to a bug, passwords were written to an internal log before completing the hashing process,” he said.
“We found this error ourselves, removed the passwords, and are implementing plans to prevent this bug from happening again.”
The San Francisco-based internet company did not specify how many passwords were exposed or how long the glitch made data vulnerable to snooping.
“Out of an abundance of caution, we ask that you consider changing your password on all services where you’ve used this password,” Agrawal told users.
“We are very sorry this happened,” he said.
The stumble comes as the sector faces intense scrutiny over the protection of personal data online, in the wake of the Cambridge Analytica scandal which saw information from tens of millions of Facebook users hijacked and misused.
Twitter shares ebbed about a percent to $30.36 in after-market trades that followed word of the password mishap.