Twitter has urged its 336 million users to change their passwords after the company discovered a bug that stored passwords in plain text in an internal system.
"As a precaution", Twitter on Thursday recommended its users to consider changing their password on all services where they have used the same password.
The company also assured it has fixed the problem and have seen "no indication of breach or misuse", the Guardian reported.
On trying to login, a pop-up message said: "Keeping your account secure. When you set a password for your Twitter account, we use technology that masks it so no one at the company can see it.
"We recently identified a bug that stored passwords unmasked in an internal log. We have fixed the bug, and our investigation shows no indication of breach or misuse by anyone.
"Out of an abundance of caution, we ask that you consider changing your password on all services where you've used this password."
"We are very sorry this happened," said Twitter's Chief Technology Officer, Parag Agrawal, in a blogpost. "We recognise and appreciate the trust you place in us, and are committed to earning that trust every day."
Companies with good security practices typically store user passwords in a form that cannot be read.
In Twitter's case, passwords are masked through a process called hashing, which replaces the actual password with a random set of numbers and letters that are stored in the company's system, the Gaurdian reported.
"This allows our systems to validate your account credentials without revealing your password," said Agrawal. "This is an industry standard."
"Due to a bug, passwords were written to an internal log before completing the hashing process. We found this error ourselves, removed the passwords, and are implementing plans to prevent this bug from happening again."
In an initial tweet, Agarwal said the company did not have to tell users about the bug, but nevertheless did. But on receiving criticism for saying so, he followed it up with an apology, the Time reported.
"I should not have said we didn't have to share. I have felt strongly that we should. My mistake," he tweeted.
Twitter's CEO Jack Dorsey tweeted that he believes "it's important for us to be open about this internal defect".
Agrawal advised people to change their passwords, enable two-factor authentication on their Twitter account and use a password manager to create strong, unique passwords on every service they use.
--IANS
in/
Disclaimer: No Business Standard Journalist was involved in creation of this content
You’ve reached your limit of {{free_limit}} free articles this month.
Subscribe now for unlimited access.
Already subscribed? Log in
Subscribe to read the full story →
Smart Quarterly
₹900
3 Months
₹300/Month
Smart Essential
₹2,700
1 Year
₹225/Month
Super Saver
₹3,900
2 Years
₹162/Month
Renews automatically, cancel anytime
Here’s what’s included in our digital subscription plans
Exclusive premium stories online
Over 30 premium stories daily, handpicked by our editors
Complimentary Access to The New York Times
News, Games, Cooking, Audio, Wirecutter & The Athletic
Business Standard Epaper
Digital replica of our daily newspaper — with options to read, save, and share
Curated Newsletters
Insights on markets, finance, politics, tech, and more delivered to your inbox
Market Analysis & Investment Insights
In-depth market analysis & insights with access to The Smart Investor
Archives
Repository of articles and publications dating back to 1997
Ad-free Reading
Uninterrupted reading experience with no advertisements
Seamless Access Across All Devices
Access Business Standard across devices — mobile, tablet, or PC, via web or app