Twitter has been warning 330 million of its users to change their passwords because of a bug in Twitter’s password hashing.
The company has said the bug has been fixed, and that there was no breach. Despite this, the social media network is still encouraging the password update as a precaution.
‘Stored passwords unmasked’
Twitter wrote on its Twitter Feed: “When you set a password for your Twitter account, we use technology that masks it so no one at the company can see it. We recently identified a bug that stored passwords unmasked in an internal log. We have fixed the bug, and our investigation shows no indication of misuse or breach by anyone.
“Out of an abundance of caution, we ask that you consider changing your password on all services where you’ve used this password.”
‘Internal database scrambled’
Twitter’s standard security procedure for firms is to scramble or encrypt passwords stored on an internal server. For example, if your password was 9830 it would show up on Twitter’s internal database as 9308.
The social network also reported storing encrypted passwords using a hashing algorithm called bcrypt.
Written by Leah Alger