Twitter Says All 336 Million Users Should Change Their Passwords
(CNN Money) — Twitter has recommended its 336 million users change their passwords.
The company announced on Thursday it discovered a bug that saved user passwords on an internal log without proper encryption.
Twitter said it has since fixed the issue. Although the company said there is no evidence passwords have been leaked or misused, it is urging its users to update their passwords.
“As a precaution, consider changing your password on all services where you’ve used this password,” the company tweeted.
The company encrypts user passwords via a process called hashing to keep them safe. But the detected bug stored the passwords in their original form to an “internal log.”
Twitter did not specify how many passwords were stored.
The company declined to comment on when the bug was discovered, how long it had been storing passwords in this manner and how many passwords were affected. But it reiterated to CNN “this is not a breach.”
Twitter is prompting users to change their passwords via a pop-up window on the site that explains the nature of the bug and links to their Settings page.
The company also suggests widely recommended security tips, like turning on two-factor authentication, choosing unique passwords for every service, and using a password manager app to store them all.
CEO Jack Dorsey said in a tweet the company believed it was important to “be open about this internal defect.”
Meanwhile, Twitter CTO Parag Agrawal tweeted an apology for the issue.
“We are sharing this information to help people make an informed decision about their account security. We didn’t have to, but believe it’s the right thing to do,” he said.