Twitter recommended on Thursday that all of its 336 million users change their passwords after it discovered a bug that internally stored the passwords in an unprotected manner.
Parag Agrawal, Twitter’s chief technology officer, said in a blog post that Twitter has fixed the issue and that there were no signs that anyone had breached or misused the passwords. Still, the company suggested that users consider changing their passwords on other devices or services if they used the same password as they had on Twitter.
Normally, Twitter protects passwords through a process called hashing, in which it replaces the actual characters of a password with random letters and numbers. The bug allowed passwords to be kept in an “internal log” without hashing so they were stored in their readable text format.
The company is presenting users with a pop-up window that includes a message about the bug and a link to their Settings page where they can change the password.
Twitter’s CEO Jack Dorsey tweeted that he believes “it’s important for us to be open about this internal defect.”
Agrawal also took to Twitter to talk about the issue, first saying “We are sharing this information to help people make an informed decision about their account security. We didn’t have to, but believe it’s the right thing to do.”
But when he received criticism for saying the company didn’t have to tell users about the bug, he followed up with another apology.
“I should not have said we didn’t have to share. I have felt strongly that we should. My mistake,” he tweeted.
More Must-Reads From TIME
- The 100 Most Influential People of 2024
- The Revolution of Yulia Navalnaya
- 6 Compliments That Land Every Time
- What's the Deal With the Bitcoin Halving?
- If You're Dating Right Now , You're Brave: Column
- The AI That Could Heal a Divided Internet
- Fallout Is a Brilliant Model for the Future of Video Game Adaptations
- Want Weekly Recs on What to Watch, Read, and More? Sign Up for Worth Your Time
Write to Abigail Abrams at abigail.abrams@time.com