A glitch at Twitter has prompted the social media company to urge its more than 330 million users to consider changing their account passwords after some of them were exposed on its internal computer network. The company wrote a blog post informing users of the incident Thursday.
CNET reports that the passwords were "unmasked in an internal log." There is no indication of how many users were affected, and the company said its investigation showed no passwords were misused or breached.
"Out of an abundance of caution, we ask that you consider changing your password on all services where you've used this password," Twitter said.
Jack Dorsey, the CEO of the San Francisco-based company, addressed the issue (on Twitter of course), to say that the company "believes it's important for us to be open about this internal defect."
We recently discovered a bug where account passwords were being written to an internal log before completing a masking/hashing process. We’ve fixed, see no indication of breach or misuse, and believe it’s important for us to be open about this internal defect. https://t.co/BJezo7Gk00— jack (@jack) May 3, 2018
There is no immediate word as to how long the "internal defect" existed before it was discovered.
Twitter explained the glitch in its blog post by saying a process called "hashing" didn't fully complete.
"We mask passwords through a process called hashing using a function known as bcrypt, which replaces the actual password with a random set of numbers and letters that are stored in Twitter's system," Twitter wrote. "Due to a bug, passwords were written to an internal log before completing the hashing process. We found this error ourselves, removed the passwords and are implementing plans to prevent this bug from happening again."
The "hashing" process is industry standard, Twitter noted.
Twitter listed four tips on how to tighten up your account, including: changing your password, using a strong password, enabling login verification and using a password manager.
CNET reports Twitter users have seen a screen pop up Thursday that mentions the bug. It includes a link to user settings.