Twitter Inc urged the over 330 million users of the social media platform to change their passwords following the discovery of a glitch that caused some of them to be stored in plain text on the company’s internal computer system.
The social network said that it had fixed the said glitch and that an internal investigation had discovered no evidence that passwords were misused or stolen by insiders. However, it urged all of its users to consider changing their passwords “out of an abundance of caution.”
The blog did not disclose how many passwords were affected by the glitch. However, a person who is familiar with the response of the company said that the number was “substantial” and that the passwords were exposed for “several months.”
The person said that the bug was discovered by Twitter a few weeks ago and has already reported it to some regulators. The person was not authorized to talk about the matter.
The disclosure appears as regulators and lawmakers across the globe scrutinize the way that companies store and secure the data of consumers, following a series of security incidents that have come to light at companies including Facebook Inc, Uber, and Equifax Inc.
The European Union is set to begin enforcing a strict new privacy law, that is known as the General Data Protection Regulation. It will include steep fees for violating its terms.
According to the blog, the said glitch was related to the use of Twitter of a technology that is known as “hashing” that conceals passwords as a user enters them by replacing them with letters and numbers.
The blog disclosed that a bug caused the passwords to be written on an internal computer log prior to the completion of the hashing process.
The Twitter blog said: “We are very sorry this happened.”
The share price of Twitter was down by 1 percent in extended trade at $30.35, after increasing by 0.4 percent during the session.
The company advised its users to take precautions to make sure that their accounts are kept safe, including changing passwords and enabling the two-factor authentication service of Twitter to help prevent their accounts from being hijacked.