Twitter revealed that they had discovered a bug in their password storage system yesterday. As a result, the social media giant’s top technology executive is urging users to change their passwords “out of an abundance of caution.”
The company’s shares fell 2.7% in after-hours trading after their announcement. In a brief but telling blog post, Twitter’s CTO Parag Agrawal disclosed that the company was able to fix the glitch, while also revealing that an extensive internal investigation “shows no indication of breach or misuse by anyone.”
Agrawal apologized for the mishap, noting how the folks over at Twitter “recognize and appreciate the trust you place in us, and are committed to earning that trust every day.”
The company did not reveal how many users’ passwords were stored in plain text, but recent data shows that its average monthly user count reaches upwards of 336 million accounts worldwide.
Agrawal notes that the company uses an industry-standard “hashing” password storage mechanism, which effectively replaces a user’s actual password with a “random set of numbers and letters that are stored in Twitter’s system.” However, the recently discovered bug allowed passwords to be stored without the hashing process being fully completed.
As a result, Agrawal assures the general public that he and his team “found this error ourselves, removed the passwords, and are implementing plans to prevent this bug from happening again.”
We recently found a bug that stored passwords unmasked in an internal log. We fixed the bug and have no indication of a breach or misuse by anyone. As a precaution, consider changing your password on all services where you’ve used this password. https://t.co/RyEDvQOTaZ
— Twitter Support (@TwitterSupport) May 3, 2018