Microblogging site Twitter on Thursday asked its more than 300 million users to change their passwords, saying they had been unintentionally “unmasked” inside the company by a software bug.
The site however said it found no evidence that hackers accessed the exposed data, but called on users to be on the safe side and change their passwords.
This was contained in a blog post by Twitter chief technology officer Parag Agrawal, who said their practice is to store passwords encrypted, or “hashed,” so they are masked to even people inside the company.
“Due to a bug, passwords were written to an internal log before completing the hashing process,” he said.
“We found this error ourselves, removed the passwords, and are implementing plans to prevent this bug from happening again.
“Out of an abundance of caution, we ask that you consider changing your password on all services where you’ve used this password”
The American social media giant did not specify how many passwords were exposed or how long the glitch made data vulnerable to snooping.
“We are very sorry this happened,” he said.
The glitch comes amid heightened scrutiny over the protection of personal data online in the wake of the Cambridge Analytica scandal which saw information from tens of millions of Facebook users hijacked and misused.
Experts say going public with a security slip and getting users to take precautions is preferable to remaining mum and hoping no data was taken, according to independent technology industry analyst Rob Enderle.
“When in doubt, it is better to have people change passwords than to be wrong,” Enderle said.
“With security, it is always better to err on the side of caution.”
Twitter shares dropped about a percent to $30.36 in after-market trades that followed word of the password mishap, but it’s unlikely that users will ditch the platform because of the breach.