Watch CBS News

Twitter Tells Users To Consider Changing Passwords After Bug

(CBS) - A glitch at Twitter has prompted the social media company to urge its more than 330 million users to consider changing their account passwords after some of them were exposed on its internal computer network. The company wrote a blog post informing users of the incident Thursday.

CNET reports that the passwords were "unmasked in an internal log." There is no indication of how many users were affected, and the company said its investigation showed no passwords were misused or breached.

"Out of an abundance of caution, we ask that you consider changing your password on all services where you've used this password," Twitter said.

Jack Dorsey, the CEO of the San Francisco-based company, addressed the issue (on Twitter of course), to say that the company "believes it's important for us to be open about this internal defect":

We recently discovered a bug where account passwords were being written to an internal log before completing a masking/hashing process. We've fixed, see no indication of breach or misuse, and believe it's important for us to be open about this internal defect.

There is no immediate word as to how long the "internal defect" existed before it was discovered.

What happened?

Twitter explained the glitch in its blog post by saying a process called "hashing" didn't fully complete.

"We mask passwords through a process called hashing using a function known as bcrypt, which replaces the actual password with a random set of numbers and letters that are stored in Twitter's system," Twitter wrote. "Due to a bug, passwords were written to an internal log before completing the hashing process. We found this error ourselves, removed the passwords and are implementing plans to prevent this bug from happening again."

The "hashing" process is industry standard, Twitter noted.

Securing your account

Twitter listed four tips on how to tighten up your account, including: changing your password, using a strong password, enabling login verification and using a password manager.

CNET reports that some Twitter users have seen a screen pop up Thursday (see below) that mentions the bug. It includes a link to user settings.

180503-twitter-security-password-glitch-today.png
View CBS News In
CBS News App Open
Chrome Safari Continue
Be the first to know
Get browser notifications for breaking news, live events, and exclusive reporting.