Twitter has advised its more than 300 million users to change their passwords immediately after a bug resulted in “unmasked” passwords to be stored internally.
Twitter said that there was “no indication” that the details had yet been misused but it has warned users to change their login information to be safe.
It said in a statement: “We recently found a bug that stored passwords unmasked in an internal log.
“We fixed the bug and have no indication of a breach or misuse by anyone.
“As a precaution, consider changing your password on all services where you’ve used this password”.
Twitter practice is to store passwords encrypted, or “hashed,” so they are masked to even people inside the company, Twitter chief technology officer Parag Agrawal explained in a blog post.
“Due to a bug, passwords were written to an internal log before completing the hashing process”, he said.
“We found this error ourselves, removed the passwords, and are implementing plans to prevent this bug from happening again”.
Twitter did not reveal how many passwords were affected.
However, it is understood the number of affected accounts was “substantial” and that they were exposed for “several months”.
Twitter Chief executive Jack Dorsey tweeted to say the “bug” had now been fixed.