Twitter on May 3 said that it located a bug in how the platform’s passwords were stored, and although it doesn’t think any user accounts were affected, they recommended that users change their passwords.
The bug means that the stored passwords weren’t scrambled. In a statement on its blog, Twitter said that they recently discovered a bug where account passwords were being written to an internal log before completing a masking/hashing process.
It added that there was no indication of breach or misuse, and they felt it was important for them to be open about the internal defect.
“We found this error ourselves, removed the passwords, and are implementing plans to prevent this bug from happening again.”,” Twitter said.
According to the company, all passwords are hashed so that they’re stored as a random mix of numbers and letters. It discovered password logs where the passwords hadn’t been hashed, however.
“Due to a bug, passwords were written to an internal log before completing the hashing process,” the explanation said.
Twitter said it doesn’t believe “information ever left Twitter’s systems or was misused by anyone,” but recommends that users change their passwords and enable two-factor authentication.
The minor bug has saw shares of the company take slight downward plunge hours after the announcement.
You can change your password by visiting Twitter’s password reset page. Twitter is also alerting users with a splash page that will take you directly to the reset page. Here’s what it looks like:
