The Twitter Inc on Thursday urged its all 336 million users to change their account passwords. The social media giant recently drew criticism after a report published in The Telegraph said that Twitter had sold users data to British political consulting firm Cambridge Analytica without their consent. In a statement, Twitter said it has discovered a bug that internally stored the passwords in an unprotected manner. In a blog, Twitter said, “We recently found a bug that stored passwords unmasked in an internal log. We fixed the bug and have no indication of a breach or misuse by anyone. As a precaution, consider changing your password on all services where you’ve used this password.”
However, taking users into confidence, Twitter said the discovered bug has been fixed. Speaking on the matter, Twitter CEO Jack Dorsey said, “We recently discovered a bug where account passwords were being written to an internal log before completing a masking/hashing process. We’ve fixed, see no indication of breach or misuse, and believe it’s important for us to be open about this internal defect.” The reports have suggested that Twitter had discovered the flaw a few weeks and has reported it to some regulators.
As per reports, Twitter normally protects users passwords through a process called hashing, in which actual characters of the password are replaced with random letters and numbers. The bug allowed passwords to be kept in an “internal log” without hashing so they were stored in their readable text format. To help its users to easily change the password, Twitter is presenting a pop-up window to users that include a message about the bug and a link to their Settings page where they can change the password.