Twitter recommended on Thursday that all of its 336 million users change their passwords after it discovered a bug that internally stored the passwords in an unprotected manner.
Parag Agrawal, Twitter’s chief technology officer, said in a blog post that Twitter has fixed the issue and that there were no signs that anyone had breached or misused the passwords. Still, the company suggested that users consider changing their passwords on other devices or services if they used the same password as they had on Twitter.
Twitter said it hashes passwords so that they’re stored as a random mix of numbers and letters. It discovered password logs where the passwords hadn’t been hashed, however.
Twitter said it doesn’t believe “information ever left Twitter’s systems or was misused by anyone,” but recommends that users change their passwords and enable two factor authentication.
You can change your password by visiting Twitter’s password reset page. Twitter is also alerting users with a splash page that will take you directly to the reset page. Here’s what it looks like:
Twitter’s CEO Jack Dorsey tweeted that he believes “it’s important for us to be open about this internal defect.”
Shares of Twitter dipped slightly in after-hours trading on the news.