Social media company Twitter Inc encouraged its over 330 million users to change their passwords following the glitch that caused some passwords to be stored in readable text inside the company’s internal computer system instead of being encrypted by a process called “hashing.”
The social networking giant revealed the issue in a blog post and a series of Tweets, stating that it had already fixed the problem. It also claimed that an internal probe has been conducted, and the investigation revealed that there was no indication that passwords were stolen or mishandled by insiders.
Still, the company advised its global users to consider changing all their passwords.
“We fixed the bug and have no indication of a breach or misuse by anyone. As a precaution, consider changing your password on all services where you’ve used this password,” said Chief Executive Jack Dorsey in a tweet.
Meanwhile, the blog did not disclose how many passwords were affected. However, a person familiar with the matter but was not named said that the number was “substantial” and that they were exposed for “several months.”
The revelation comes amid the global regulators’ and lawmakers’ scrutiny of the way that companies store and secure their users’ data, following a series of scrutiny incidents at Equifax Inc, Uber Technologies Inc, and even Facebook Inc.
Later this month, the European Union is scheduled to start implementing a stricter and new privacy law, which is called the General Data Protection Regulation. The GDPR included significant fees for regulators.
The US Federal Trade Commission is tasked to investigate the companies that have been allegedly engaged in deceptive practices related to data security. However, it declined to issue a comment on the matter.
In 2010, the agency settled with Twitter regarding the accusations that the site had “serious lapses” in their data security. The lapses enabled hackers to access private user data on two incidents. The settlement resulted to audits on Twitter’s data security program every other year for a total of 10 years.
Meanwhile, the glitch was associated with the company’s use of “hashing.” The malfunction caused the passwords to be written on an internal computer log prior to the completion of the scrambling process, according to the blog.
“We are very sorry this happened,” said Twitter on its blog.
Twitter’s share price lowered 1 percent during the extended trade, falling at $30.35. The slump came after the company’s shares gained 0.4 percent during the session.
The company urged users to take precautionary measures to ensure that their accounts are safe. Such measures include the changing of passwords and the enabling of Twitter’s two-factor authentication service, which could help prevent accounts from being hijacked and hacked.