Twitter, the social network, and online news giant is sending notifications to each and every registered user (336 million in total) urging them to change their account password. This is because a bug in its system saved user passwords on an unprotected internal log in plain text format.
Although the bug has been fixed and there is no indication of a breach or misuse of passwords the company is sending emails and displaying popups to every user upon signing in to their account explaining what happened and why it is a good idea that they should change their account password without further delay.
“As a precaution, consider changing your password on all services where you’ve used this password,” said the company in a tweet.
Twitter did not mention exactly how many passwords were stored in the log, how long the bug existed or how did it convert encrypted passwords into plain text.
However, the company has apologized for the inconvenience. In a tweet, Twitter’s CEO Jack Dorsey said that “we believe it’s important for us to be open about this internal defect.”
In a tweet, Twitter CTO Parag Agrawal said that “We are sharing this information to help people make an informed decision about their account security. We didn’t have to, but believe it’s the right thing to do.”
This is not the first time that Twitter has urged users to change their passwords. In 2016, the company triggered a warning asking users to immediately change their passwords after a hacker was found selling 33 million Twitter logins on Dark Web with clear-text passwords.
Moreover, just yesterday, it was reported that Twitter sold advertisements to scammers who ran campaigns to spread phishing scams in the name of “Twitter blue verification badge.”
If you are on Twitter change your password right now and also change the password for other sites if you were using the same password. Stay safe online.