A glitch at Twitter has prompted the social-media company to urge its more than 330 million users to consider changing their account passwords after some of them were exposed on its internal computer network. The company wrote a blog post informing users of the incident yesterday.
The passwords were “unmasked in an internal log.” There is no indication of how many users were affected, and the company said its investigation showed no passwords were misused or breached.
“Out of an abundance of caution, we ask that you consider changing your password on all services where you’ve used this password,” Twitter said.
Twitter CEO Jack Dorsey addressed the issue (on Twitter, of course), saying that the company “believes it’s important for us to be open about this internal defect.”
There was no immediate word on how long the “internal defect” existed before it was discovered.
Twitter explained the glitch in its blog post by saying a process called “hashing” didn’t fully complete.
“We mask passwords through a process called hashing using a function known as bcrypt, which replaces the actual password with a random set of numbers and letters that are stored in Twitter’s system,” Twitter wrote. “Due to a bug, passwords were written to an internal log before completing the hashing process. We found this error ourselves, removed the passwords and are implementing plans to prevent this bug from happening again.”
The “hashing” process is industry standard, Twitter noted.
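The failure Twitter describes, a plaintext password reaching a log before it is hashed, can be backstopped at the logging layer. The following is an added example, not Twitter's code: a Python `logging` filter that redacts password fields before any handler writes them; the field names, logger name and sample events are constructed for illustration.

```python
import io
import logging
import re

# Hypothetical field names treated as secrets; adjust to the application's own.
_PATTERN = re.compile(
    r"""(?ix)
    (["']?\b(?:password|passwd|pwd|new_password)\b["']?\s*[:=]\s*)  # key and separator
    (?: "([^"]*)" | '([^']*)' | ([^\s,&;}]+) )                       # quoted or bare value
    """
)

def redact(text):
    """Replace the value of any password-like field with a fixed marker."""
    return _PATTERN.sub(lambda m: m.group(1) + "[REDACTED]", text)

class RedactSecrets(logging.Filter):
    """Scrub secrets from a record before the handler formats and writes it."""
    def filter(self, record):
        # Render the message first so secrets passed as %-style args are caught too.
        record.msg = redact(record.getMessage())
        record.args = None
        return True

def demo():
    """Log constructed sample events through the filter; return the lines written."""
    stream = io.StringIO()
    handler = logging.StreamHandler(stream)
    handler.addFilter(RedactSecrets())
    log = logging.getLogger("auth-demo")
    log.setLevel(logging.INFO)
    log.propagate = False
    log.handlers = [handler]
    # Constructed events: the kind of line that leaks when a request is
    # logged before the password has been hashed.
    log.info("login attempt user=%s password=%s", "alice", "hunter2")
    log.info("signup payload: %s", {"user": "bob", "password": "correct horse"})
    return stream.getvalue().splitlines()

if __name__ == "__main__":
    print("\n".join(demo()))
```

A filter like this is a safety net for known field names only; the primary control is to keep credential-bearing request data out of log calls altogether.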
Securing your account
Twitter listed four tips on how to tighten up your account, including: changing your password, using a strong password, enabling login verification and using a password manager.
Some Twitter users have seen a screen pop up Thursday that mentions the bug. It includes a link to user settings.