Twitter has advised its 336 million users to change their passwords due to a bug that saved user passwords on an internal log without proper encryption.
The microblogging website said there is no evidence that password have been leaked, but advised users to change their passwords to be safe.
“We recently found a bug that stored passwords unmasked in an internal log. We fixed the bug and have no indication of a breach or misuse by anyone,” the company tweeted.
“As a precaution, consider changing your password on all services where you’ve used this password.”
The company declined to comment on when the bug was discovered, how long it had been storing passwords in this manner and how many passwords were affected.
We recently found a bug that stored passwords unmasked in an internal log. We fixed the bug and have no indication of a breach or misuse by anyone. As a precaution, consider changing your password on all services where you’ve used this password. https://t.co/RyEDvQOTaZ
— Twitter Support (@TwitterSupport) May 3, 2018
Jack Dorsey, CEO of Twitter, also corroborated the threat by tweeting from his personal handle.
We recently discovered a bug where account passwords were being written to an internal log before completing a masking/hashing process. We’ve fixed, see no indication of breach or misuse, and believe it’s important for us to be open about this internal defect. https://t.co/BJezo7Gk00
— jack (@jack) May 3, 2018
You can change your password by visiting Twitter’s password reset page.
The company also suggested widely recommended security tips, like turning on two-factor authentication, choosing unique passwords for every service, and using a password manager app to store them all.