Caption

Twitter urges all users to change passwords after discovering privacy bug

Twitter chief technology officer Parag Agrawal issued a statement Thursday asking users to consider changing their Twitter password following an issue with unmasked passwords.


» RELATED: You need to change your password now if it’s on this list

“When you set a password for your Twitter account, we use technology that masks it so no one at the company can see it,” Agrawal wrote in a company blog post.  “We recently identified a bug that stored passwords unmasked in an internal log.”

The tech industry, including Twitter, typically masks passwords with a function known as bcrypt. In this process, according to Agrawal, passwords are replaced with a random set of letters and numbers, which are stored in the system and allow account validation without exposing passwords.

Recommended for you

Recommended for you

Recommended for you

Most read

  1. 1 Kennesaw State cheerleader who kneeled during anthem was on 'The View'
  2. 2 Pink Pony strip club files for bankruptcy
  3. 3 Cobb police officer, 22, helps pull woman from burning car

» RELATED: You don’t have to #DeleteFacebook — 7 tips to lock down your privacy without leaving social media

But the bug, which has since been fixed, caused the passwords to be written to an internal log before the hashing process via bcrypt was complete.

The company came across the error, removed the passwords and are working on prevention methods. They found no indication of breach or misuse.

“We are very sorry this happened. We recognize and appreciate the trust you place in us, and are committed to earning that trust every day,” Agrawal wrote.

» RELATED: Did you fall for these fake ads? How Russian trolls got into your Facebook feeds

To change your Twitter password, visit the password settings page. You may also want to change your password on any services where the same password may have been used.

Remember to use a strong password and enable login verification, an extra layer of security that requires both your password and a code sent to your mobile phone to log in.

Other password tips:

1. Use a variety of characters including numerical, uppercase and lowercase letters and other special characters.

2. Avoid dictionary terms.

3. Use a password manager.

More at blog.twitter.com.

More from AJC