Twitter recommended on Thursday that all of its 336 million users change their passwords after it discovered a bug that internally stored the passwords in an unprotected manner.
Parag Agrawal, Twitter’s chief technology officer, said in a blog post that Twitter has fixed the issue and that there were no signs that anyone had breached or misused the passwords. Still, the company suggested that users consider changing their passwords on other devices or services if they used the same password as they had on Twitter.
Normally, Twitter protects passwords through a process called hashing, in which it replaces the actual characters of a password with random letters and numbers. The bug allowed passwords to be kept in an “internal log” without hashing so they were stored in their readable text format.
The company is presenting users with a pop-up window that includes a message about the bug and a link to their Settings page where they can change the password.
Twitter’s CEO Jack Dorsey tweeted that he believes “it’s important for us to be open about this internal defect.”
Agrawal also took to Twitter to talk about the issue, first saying “We are sharing this information to help people make an informed decision about their account security. We didn’t have to, but believe it’s the right thing to do.”
But when he received criticism for saying the company didn’t have to tell users about the bug, he followed up with another apology.
“I should not have said we didn’t have to share. I have felt strongly that we should. My mistake,” he tweeted.
- Governor Gretchen Whitmer on Her Fight for Abortion Access in Michigan
- Inside the War on Fake Consumer Reviews
- Column: Europe's Refugee Crisis Is Going to Get Worse
- How Lawmakers Are Trying to Protect Abortion Data Privacy
- The Surprising Thing That Could Help Ease Inflation
- Finding the American Dream in Canada
- The Safest Sunscreens to Buy—and Which Ingredients to Avoid
- Fact-Checking 8 Claims About Crypto’s Climate Impact
- How Grief Upsets Your Gut Health
- Who Could Replace Boris Johnson As U.K. Prime Minister?