Twitter calls for all users to change their passwords over a bug

Company says there is 'no indication of a breach or misuse by anyone'

Emily Shugerman
New York
Thursday 03 May 2018 22:03 BST
Twitter said the new tool will help users get 'authentic, trustworthy information' (DIPTENDU DUTTA/AFP/Getty Images)

Twitter has urged all of its more than 330m users to change their account passwords, after discovering a bug that the company says saved users' passwords without proper encryption.

The company said they had detected and fixed the bug, and found "no indication of a breach or misuse by anyone". Still, they urged users to change their passwords as a precaution.

Users who visited the site on Thursday saw a pop-up message encouraging them to change their passwords "out of an abundance of caution".

It was unclear how many accounts were affected. A person familiar with the issue told Reuters that the number was “substantial” and that the problem had persisted for several months.

This person also said Twitter discovered the bug a few weeks ago, and had reported it to some regulators.

Twitter CTO Parag Agrawal tweeted an apology for the issue, adding: "We are sharing this information to help people make an informed decision about their account security. We didn’t have to, but believe it’s the right thing to do."

A statement on the company's website explained that Twitter usually saves passwords in its system as a combination of random letters and numbers. The bug caused some of the passwords to be saved before they were replaced with the random code, leaving them "unmasked" in Twitter's internal log.

"We found this error ourselves, removed the passwords, and are implementing plans to prevent this bug from happening again," the company said.
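The failure mode described in the statement, a plaintext password reaching a log before it is hashed, shown beside one common guard. This is an added example, not from the article and not Twitter's code. The field names, logger names, PBKDF2 parameters and sample account are assumptions made for illustration.

```python
import hashlib, io, json, logging, os, re

# Assumed field names (password/passwd/pwd); extend to match your own schema.
SENSITIVE = re.compile(
    r'''(["']?(?:password|passwd|pwd)["']?\s*[:=]\s*)'''
    r'''(?:"(?:[^"\\]|\\.)*"|'(?:[^'\\]|\\.)*'|[^\s&,}]+)''', re.I)

class RedactSecrets(logging.Filter):
    """Mask password values in the rendered message before a handler writes it."""
    def filter(self, record):
        record.msg = SENSITIVE.sub(r"\1[REDACTED]", record.getMessage())
        record.args = None  # message is already rendered
        return True

def hash_password(password):
    """Salted PBKDF2-HMAC-SHA256; the only form that should reach storage."""
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 600_000)
    return salt.hex() + "$" + digest.hex()

def make_logger(name, sink, redact):
    logger = logging.getLogger(name)
    logger.handlers.clear()
    logger.propagate = False
    logger.setLevel(logging.INFO)
    handler = logging.StreamHandler(sink)
    if redact:
        handler.addFilter(RedactSecrets())
    logger.addHandler(handler)
    return logger

def signup(form, logger):
    # Bug pattern: the raw request is logged before the password is hashed.
    logger.info("signup request: %s", json.dumps(form))
    stored = hash_password(form["password"])
    logger.info("stored credential for %s", form["user"])
    return stored

def demo():
    form = {"user": "alice", "password": "correct horse"}  # constructed sample
    out = {}
    for label, redact in (("unfiltered", False), ("filtered", True)):
        sink = io.StringIO()
        signup(form, make_logger("demo." + label, sink, redact))
        out[label] = sink.getvalue()
    return out

if __name__ == "__main__":
    for label, text in demo().items():
        print(label, "->", text, end="")
```

A redaction filter on the handler is a backstop; the primary fix is to keep raw credentials out of any object that is passed to a logger in the first place.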

The announcement comes on the heels of a major privacy scandal at Facebook, in which the company said a third party had accessed the personal data of up to 87m users – many of them without their knowledge. The scandal resulted in a two-day hearing on Capitol Hill, where Facebook founder Mark Zuckerberg faced tough questions from legislators about user privacy.

In response to similar issues, the European Union recently passed a digital privacy law, called the General Data Protection Regulation, which restricts how personal information is collected and handled online.
