Twitter calls for all users to change their passwords over a bug
Company says there is 'no indication of a breach or misuse by anyone'
Your support helps us to tell the story
From reproductive rights to climate change to Big Tech, The Independent is on the ground when the story is developing. Whether it's investigating the financials of Elon Musk's pro-Trump PAC or producing our latest documentary, 'The A Word', which shines a light on the American women fighting for reproductive rights, we know how important it is to parse out the facts from the messaging.
At such a critical moment in US history, we need reporters on the ground. Your donation allows us to keep sending journalists to speak to both sides of the story.
The Independent is trusted by Americans across the entire political spectrum. And unlike many other quality news outlets, we choose not to lock Americans out of our reporting and analysis with paywalls. We believe quality journalism should be available to everyone, paid for by those who can afford it.
Your support makes all the difference.Twitter has urged all of its more than 330m users to change their account passwords, after discovering a bug that the company says saved users' passwords without proper encryption.
The company said they had detected and fixed the bug, and found "no indication of a breach or misuse by anyone". Still, they urged users to change their passwords as a precaution.
Users who visited the site on Thursday saw a pop-up message encouraging them to change their passwords "out of an abundance of caution".
It was unclear how many accounts were affected. A person familiar with the issue told Reuters that the number was “substantial” and that the problem had persisted for several months.
This person also said Twitter discovered the bug a few weeks ago, and had reported it to some regulators.
Twitter CTO Parag Agrawal tweeted an apology for the issue, adding: "We are sharing this information to help people make an informed decision about their account security. We didn’t have to, but believe it’s the right thing to do."
A statement on the company's website explained that Twitter usually saves passwords in its system as a combination of random letters and numbers. The bug caused some of the passwords to be saved before they were replaced with the random code, leaving them "unmasked" in Twitter's internal log.
"We found this error ourselves, removed the passwords, and are implementing plans to prevent this bug from happening again," the company said.
The announcement comes on the heels of a major privacy scandal at Facebook, in which the company said a third party had accessed the personal data of up to 87m users – many of them without their knowledge. The scandal resulted in a two-day hearing on Capitol Hill, where Facebook founder Mark Zuckerberg faced tough questions from legislators about user privacy.
In response to similar issues, the European Union recently passed a digital privacy law, called the General Data Protection Regulation, which restricts how personal information is collected and handled online.
Join our commenting forum
Join thought-provoking conversations, follow other Independent readers and see their replies
Comments