Twitter Inc. urged its more than 330 million users to change their passwords after a glitch caused some to be stored in readable text on its internal computer system rather than disguised by a process known as “hashing”.
The social network disclosed the issue in a blog post and series of Tweets on Thursday afternoon, saying it had resolved the problem and an internal investigation had found no indication passwords were stolen or misused by insiders. Still, it urged all users to consider changing their passwords.
“We fixed the bug and have no indication of a breach or misuse by anyone,” chief executive Jack Dorsey said in a Tweet. “As a precaution, consider changing your password on all services where you’ve used this password.”
In a blog post, the company did not say how many passwords were affected. But a person familiar with the company’s response said the number was “substantial” and that they were exposed for “several months.”
Twitter discovered the bug a few weeks ago and has reported it to some regulators, said the person, who was not authorized to discuss the matter.
We are sharing this information to help people make an informed decision about their account security. We didn’t have to, but believe it’s the right thing to do. https://t.co/yVKOqnlITA
The disclosure comes as governments and regulators around the world scrutinize the way that companies store and secure consumer data, after a string of security incidents that have come to light at firms including Equifax Inc., Facebook Inc. and Uber.
The European Union is due to start enforcing a strict new privacy law, known as the General Data Protection Regulation, that includes steep fees for violating its terms.
The glitch was related to Twitter’s use of a technology known as “hashing” that masks passwords as a user enters them by replacing them with numbers and letters, according to the blog.
A bug caused the passwords to be written on an internal computer log before the hashing process was completed, the blog said.
“We are very sorry this happened,” the Twitter blog said.
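The failure the blog describes, a password reaching an internal log before hashing completes, can be reproduced and guarded against in a few lines. This is an added example, not Twitter's code: the `password` field name, the logger names, the constructed signup request and the choice of scrypt as the hash are all assumptions made for illustration.

```python
import hashlib
import io
import logging
import os

SENSITIVE_KEYS = {"password"}  # assumed form field name


class RedactSecrets(logging.Filter):
    """Mask sensitive fields in a logged request dict before any handler writes it."""

    def filter(self, record):
        if isinstance(record.args, dict):
            record.args = {
                k: "[REDACTED]" if k in SENSITIVE_KEYS else v
                for k, v in record.args.items()
            }
        return True


def hash_password(password: str) -> bytes:
    """Salted scrypt hash; only this value should ever be stored."""
    salt = os.urandom(16)
    digest = hashlib.scrypt(password.encode(), salt=salt, n=2**14, r=8, p=1)
    return salt + digest


def handle_signup(form: dict, log: logging.Logger) -> bytes:
    # The request is logged before hashing finishes: the ordering the
    # article describes. Without the filter the plaintext reaches the log.
    log.info("signup request: %s", form)
    return hash_password(form["password"])


def run_signup(redact: bool) -> str:
    """Process one constructed signup and return what was written to the log."""
    sink = io.StringIO()
    log = logging.getLogger(f"signup-demo-{redact}")
    log.setLevel(logging.INFO)
    log.propagate = False
    log.handlers = [logging.StreamHandler(sink)]
    log.filters = [RedactSecrets()] if redact else []
    handle_signup({"user": "alice", "password": "hunter2-constructed"}, log)
    return sink.getvalue()


if __name__ == "__main__":
    print("unfiltered:", run_signup(redact=False), end="")
    print("filtered:  ", run_signup(redact=True), end="")
```

A filter like this only catches fields it knows by name, so it complements, rather than replaces, keeping raw credentials out of log calls in the first place.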
Twitter’s share price was down one per cent in extended trade at $30.35 US, after gaining 0.4 per cent during the session.
The company advised users to take precautions to ensure that their accounts are safe, including changing passwords and enabling Twitter’s two-factor authentication service to help prevent accounts from being hijacked.