Twitter on Thursday apologized and asked users to consider changing passwords for their accounts after the company said it identified a bug in their systems that unmasked passwords internally.
In a statement, the company said, “We are very sorry this happened. We recognize and appreciate the trust you place in us, and are committed to earning that trust every day.”
While Twitter said it did not find any indication of a data breach and that it was able to remove the recorded passwords, the company still recommended that users change their passwords not only to their Twitter accounts but also to any other account that used the same password.
The company released a statement on their website explaining the typical password-masking process, called hashing, in which the actual password a user types in is replaced with random letters and numbers when stored by Twitter. The company said it discovered the hashing process had not been completed when their system saved passwords, so the actual characters of users’ passwords were saved.
Twitter provided the following suggestions to users for the safety of users’ accounts:
- Change your password on Twitter and on any other service where you may have used the same password.
- Use a strong password that you don’t reuse on other websites.
- Enable login verification, also known as two factor authentication. This is the single best action you can take to increase your account security.
- Use a password manager to make sure you’re using strong, unique passwords everywhere.