Twitter Inc urged its more than 330 million users to change their passwords after a glitch caused some to be stored in readable text on its internal computer system rather than disguised by a process known as “hashing”.
“We recently identified a bug that stored passwords unmasked in an internal log,” Parag Agrawal, Twitter’s chief technical officer, said in a blog post on Thursday afternoon. “We have fixed the bug, and our investigation shows no indication of breach or misuse by anyone.”
The company said, however, that “out of an abundance of caution,” it is advising users to change their Twitter password on all services where it was used.
The blog did not say how many passwords were affected. A person familiar with the company’s response told Reuters the number was “substantial” and that they were exposed for “several months.”
Agrawal said Twitter found the error, removed the passwords, and the social media giant is implementing plans to prevent this bug from happening again.
Office of the Privacy Commissioner of Canada suggests the following tips for creating strong passwords:
- Use a unique password for each website, account, and device that you use.
- Avoid obvious choices such as mother’s maiden name, child’s name, pet’s name or any reference someone may be able to guess through information you have posted elsewhere.
- Make passwords eight or more characters.
- You should choose a password that you will remember, but that won’t be easy to guess. You may want to use a phrase for your password, or the acronyms method, where you use the first letter of each word in a sentence. For example, “I always play tennis with 2 friends on Thursdays at 4.” could become this password, “Iaptw2foTa4.”.
With files from Reuters