SAN FRANCISCO - Twitter is advising its 330 million users to change their passwords.
The official Twitter Support account sent the following tweet on Thursday afternoon:
"We recently found a bug that stored passwords unmasked in an internal log. We fixed the bug and have no indication of a breach or misuse by anyone. As a precaution, consider changing your password on all services where you've used this password."
“When you set a password for your Twitter account, we use technology that masks it so no one at the company can see it,” Chief technology officer Parag Agrawal wrote in a company blog post. “We recently identified a bug that stored passwords unmasked in an internal log.”
The tech industry typically masks passwords with a function known as bcrypt.
In this process, according to Agrawal, passwords are replaced with a random set of letters and numbers, which are stored in the system and allow account validation without exposing passwords.
But the bug, which has since been fixed, caused the passwords to be written to an internal log before the hashing process via bcrypt was complete.
