Twitter has sent a notification to its users warning them of an internal software bug that unintentionally exposed unmasked passwords by storing them in an internal log.
According to Twitter CTO Parag Agrawal, Twitter uses the popular bcrypt function to hash passwords. Hashing replaces the actual password with a random set of numbers and letters, which allows Twitter's systems to validate user credentials without having to reveal the password. It also masks passwords from Twitter employees.
"Due to a bug, passwords were written to an internal log before completing the hashing process. We found this error ourselves, removed the passwords, and are implementing plans to prevent this bug from happening again", Twitter CTO Agrawal said in a blog post.
However, Agrawal said the bug has been fixed and an investigation shows no indication of a breach or misuse by anyone.
"We have fixed the bug, and our investigation shows no indication of breach or misuse by anyone", Agrawal said.
He then suggested that Twitter users change their password on every service where they used that particular password, and enable two-factor authentication to increase account security.
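The failure described above, a plaintext password reaching a log before it is hashed, can be guarded against at the logging layer and checked for in existing logs. The following is an added example, not Twitter's code: the key names, logger names and sample requests are constructed assumptions.

```python
import io
import logging
import re

# Key names treated as secret: an assumed list, extend it for your own request schema.
_SECRET_KV = re.compile(
    r"""(?i)\b(password|passwd|new_password)\b(["']?\s*[=:]\s*["']?)([^\s"'&,}]+)""")
MASK = "[REDACTED]"


def scrub(text):
    """Replace the value of every secret key=value or key: value pair with MASK."""
    return _SECRET_KV.sub(lambda m: m.group(1) + m.group(2) + MASK, text)


class RedactSecrets(logging.Filter):
    """Scrub the fully rendered message before a handler writes it."""

    def filter(self, record):
        record.msg = scrub(record.getMessage())
        record.args = None  # message is already rendered, nothing left to interpolate
        return True


def find_leaks(log_text):
    """Return the numbers of log lines that still carry an unmasked secret value."""
    return [
        n for n, line in enumerate(log_text.splitlines(), 1)
        if any(m.group(3) != MASK for m in _SECRET_KV.finditer(line))
    ]


def demo(redact):
    """Log two constructed signup requests and return what reached the log sink."""
    sink = io.StringIO()
    handler = logging.StreamHandler(sink)
    if redact:
        handler.addFilter(RedactSecrets())  # on the handler: covers every logger feeding it
    log = logging.getLogger("signup.redacted" if redact else "signup.raw")
    log.handlers, log.propagate = [handler], False
    log.setLevel(logging.INFO)
    log.info("signup request: %s", {"user": "alice", "password": "S3cret!pw"})
    log.info("raw body: user=bob&password=hunter2&lang=en")
    return sink.getvalue()


if __name__ == "__main__":
    for flag in (False, True):
        print(demo(flag), find_leaks(demo(flag)))
```

A pattern-based filter only catches the key names it knows about, so `find_leaks` is worth running over stored logs as a separate audit rather than trusting the filter alone.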