Twitter says all 336 million users should change their passwords

Posted at 2:43 PM, May 03, 2018
and last updated 2018-05-03 17:22:47-04

By Heather Kelly CNN Money

Twitter has recommended its 336 million users change their passwords.

The company announced on Thursday it discovered a bug that saved user passwords on an internal log without proper encryption.

Twitter said it has since fixed the issue. Although the company said there is no evidence passwords have been leaked or misused, it is urging its users to update their passwords.

“As a precaution, consider changing your password on all services where you’ve used this password,” the company tweeted.

Related: Your Instagram posts help Facebook crack down on terrorists

The company encrypts user passwords via a process called hashing to keep them safe. But the detected bug stored the passwords in their original form to an “internal log.”

Twitter did not specify how many passwords were stored.

The company declined to comment on when the bug was discovered, how long it had been storing passwords in this manner and how many passwords were affected. But it reiterated to CNN “this is not a breach.”

Twitter is prompting users to change their passwords via a pop-up window on the site that explains the nature of the bug and links to their Settings page.

In addition to changing passwords, Twitter suggests enabling two-factor authentication, which sends an SMS code to users’ mobile devices for extra layer of account security.

CEO Jack Dorsey said in a tweet the company believed it was important to “be open about this internal defect.”

Meanwhile, Twitter CTO Parag Agrawal tweeted an apology for the issue.

“We are sharing this information to help people make an informed decision about their account security. We didn’t have to, but believe it’s the right thing to do,” he said.