Twitter urges all users to change passwords after discovering privacy bug

The Universities of Southern California (USC) and Indiana conducted a study of Twitter's bot population. After using about 1,000 features across 6 categories, they found that 9 to 15 percent of the site's monthly users are bots. That estimate puts the bot population anywhere between 28.7 to 47.9 million accounts. Twitter's spokesperson referred to a February filing made to the Securities and Exchange Commission that it estimates 8.5 percent of accounts to be automated. Last year, USC also found that a wea

Twitter chief technology officer Parag Agrawal issued a statement Thursday asking users to consider changing their Twitter password following an issue with unmasked passwords.

» RELATED: You need to change your password now if it's on this list

"When you set a password for your Twitter account, we use technology that masks it so no one at the company can see it," Agrawal wrote in a company blog post.  "We recently identified a bug that stored passwords unmasked in an internal log."

The tech industry, including Twitter, typically masks passwords with a function known as bcrypt. In this process, according to Agrawal, passwords are replaced with a random set of letters and numbers, which are stored in the system and allow account validation without exposing passwords.

» RELATED: You don't have to #DeleteFacebook — 7 tips to lock down your privacy without leaving social media

But the bug, which has since been fixed, caused the passwords to be written to an internal log before the hashing process via bcrypt was complete.

The company came across the error, removed the passwords and are working on prevention methods. They found no indication of breach or misuse.

“We are very sorry this happened. We recognize and appreciate the trust you place in us, and are committed to earning that trust every day,” Agrawal wrote.

» RELATED: Did you fall for these fake ads? How Russian trolls got into your Facebook feeds

To change your Twitter password, visit the password settings page. You may also want to change your password on any services where the same password may have been used.

Remember to use a strong password and enable login verification, an extra layer of security that requires both your password and a code sent to your mobile phone to log in.

Other password tips:

1. Use a variety of characters including numerical, uppercase and lowercase letters and other special characters.

2. Avoid dictionary terms.

3. Use a password manager.

More at