SAN FRANCISCO — Twitter today urged all 330 million users to immediately change their passwords after a bug exposed them in plain text.
Twitter didn’t reveal how many user passwords may have potentially been compromised or how long the bug was exposing passwords before it found and fixed the issue.
“We recently found a bug that stored passwords unmasked in an internal log,” Twitter tweeted. “We fixed the bug and have no indication of a breach or misuse by anyone. As a precaution, consider changing your password on all services where you’ve used this password.”
Twitter said that users should change passwords on both the site itself and anywhere else they may have used that password, which includes third-party apps like Twitterrific and TweetDeck.
In an explanation about the bug, Twitter said: “We mask passwords through a process called hashing using a function known as bcrypt, which replaces the actual password with a random set of numbers and letters that are stored in Twitter’s system. This allows our systems to validate your account credentials without revealing your password. This is an industry standard.”
“Due to a bug, passwords were written to an internal log before completing the hashing process,” Twitter said. “We found this error ourselves, removed the passwords, and are implementing plans to prevent this bug from happening again.”
Twitter is one of the most-used mainstream social networks for the adult entertainment industry.