Twitter said Thursday it has found a bug and recommends that everyone who uses its platform change their password.
Twitter said it stores passwords in its system but it masks them by replacing the actual password with a random set of numbers and letters. Twitter says that allows the system to validate users' credentials without revealing their password to anyone, which is common practice across the industry.
However, the company said it recently discovered a bug, and that the passwords were being stored unmasked in an internal log.
We recently found a bug that stored passwords unmasked in an internal log. We fixed the bug and have no indication of a breach or misuse by anyone. As a precaution, consider changing your password on all services where you’ve used this password. https://t.co/RyEDvQOTaZ— Twitter Support (@TwitterSupport) May 3, 2018
After investigating, the company said there was no indication of a breach or misuse of the information, but out of an abundance of caution, people should go ahead and change their passwords anyway.
The company recommends that in addition to changing their passwords, users should enable "login verification," which is a two-step authentication process to increase account security.