Twitter Urges Users to Change Passwords After Finding Bug

Social media company Twitter is urging users have stronger passwords after it announced that a bug allowed passwords to be stored internally without being masked.

When logging in to the social media site, Twitter masks passwords through a process called hashing using a function known as bcrypt, which replaces the actual password with a random set of numbers and letters that are stored in Twitter’s system so that no one at the company can see what any user’s password is.

But a bug caused passwords to be stored within an internal log before the hashing process was complete.

While Twitter says the problem is fixed and that there is no evidence that the passwords were misused or left the company’s systems and is recommending that users change their passwords just to be safe.

“We are very sorry this happened. We recognize and appreciate the trust you place in us, and are committed to earning that trust every day.”

In a blog post, Twitter suggests users use a strong password that’s not used on other sites, enable two-factor authentication and use a password manager to keep track of unique passwords — typical recommendations for online security.

Twitter says the password problem was uncovered recently, but didn’t say exactly when or how long the passwords had been exposed.