The lapse is understood to have affected a ‘substantial’ number of users, leaving their logins unprotected for ‘several months’ before the company became aware of the issue several weeks ago.
Conceding that it had dropped the ball the social network held its hands up in a blog post and a flurry of tweets, claiming that the oversight had now been resolved and there was no indication that the compromised data had found its way into the hands of bad actors.
Nevertheless Twitter is taking the bold step of encouraging everyone to switch passwords as a precautionary measure.
In a tweet Twitter chief executive Jack Dorsey wrote: “We fixed the bug and have no indication of a breach or misuse by anyone. As a precaution, consider changing your password on all services where you’ve used this password."
We recently discovered a bug where account passwords were being written to an internal log before completing a masking/hashing process. We’ve fixed, see no indication of breach or misuse, and believe it’s important for us to be open about this internal defect. https://t.co/BJezo7Gk00
— jack (@jack) May 3, 2018
Twitter’s discomfort comes as the European Union prepares to enforce General Data Protection Regulation that includes steep fines for companies which fail to comply.