Twitter urges 336 million users to change passwords after bug discovered

Twitter has urged all of its 336 million users to update their passwords after the company discovered that some had been exposed in plain text on an internal server. 

The social media site’s co-founder, Jack Dorsey, said in a tweet that as a result of a software bug, the passwords had been “written to an internal log” prior to the “hashing” process, which masks login details with a series of random letters and numbers before they are stored.

He added that the bug had been “fixed”, and that an internal investigation had found “no indication of breach or misuse” of the exposed data. 

Nevertheless, Twitter users are also being urged to activate two-factor authentication, “to help stop accounts being hacked”, BBC News reports.

The security feature prompts users to enter a code, sent to them either via a text message or through a third-party app, after they have correctly inputed their password.

Although Dorsey didn’t reveal how many passwords had been exposed, a company insider told Reuters that the number was “substantial” and that they had been stored as text files for “several months”.

The source said Twitter had discovered the glitch “a few weeks ago” and reported it to “some regulators”, according to the news site. 

Meanwhile, Twitter’s chief technology officer, Parag Agrawal, provoked anger among users by tweeting that the company “didn’t have to” share information about the data bug, adding that it was simply “the right thing to do”.

Agrawal later apologised for suggesting that the company could have covered up the issue, insisting that he had “felt strongly” that the information should be shared.