Twitter urges users to change 'unmasked' passwords

SAN FRANCISCO • Twitter has urged its more than 300 million users to change their passwords, saying they had been unintentionally "unmasked" inside the company by a software bug.

The social media site said it found no sign that hackers accessed the exposed data, but advised users to change their passwords to be safe.

Twitter practice is to store passwords encrypted, or "hashed," so they are masked even to people inside the company, Twitter chief technology officer Parag Agrawal explained in a blog post.

"Due to a bug, passwords were written to an internal log before completing the hashing process," he said. "We found this error ourselves, removed the passwords, and are implementing plans to prevent this bug from happening again."

The San Francisco-based company did not say how many passwords were exposed or how long data was vulnerable to snooping.

"Out of an abundance of caution, we ask that you consider changing your password on all services where you've used this password," Mr Agrawal told users.

"We are very sorry."

The stumble comes as the sector faces intense scrutiny over the protection of personal data online, in the wake of the Cambridge Analytica scandal which saw information from tens of millions of Facebook users hijacked and misused.

Going public with a security slip and getting users to take precautions is preferable to remaining mum and hoping no data was taken, according to independent technology industry analyst Rob Enderle.

"When in doubt, it is better to have people change passwords than to be wrong," he said.

"With security, it is always better to err on the side of caution."

Twitter co-founder and chief executive Jack Dorsey said in a tweet that included a link to Mr Agrawal's blog post: "Openly admitting our mistakes quickly, learning, and moving on .

"I love my teammates."

Twitter last week reported its second consecutive quarterly profit, boosting the outlook for the platform after years in the red.

The social network earned US$61 million (S$82 million) in the first three months of the year, helped by strong growth in advertising revenue and modest gains in users. Its key metric of monthly active users has increased by six million from late last year to 336 million.


A version of this article appeared in the print edition of The Straits Times on May 05, 2018, with the headline 'Twitter urges users to change 'unmasked' passwords'. Print Edition | Subscribe