If not quite on the order of Facebook’s Cambridge Analytica scandal, Twitter is facing a security snafu of its own.
Due to what it’s calling a “bug,” the company is urging its entire user base to change their personal passwords.
“We recently identified a bug that stored passwords unmasked in an internal log,” Twitter Chief Technology Officer Parag Agrawal admits in a new blog post.
Agrawal claims to have fixed the glitch and says an internal investigation showed no indication of breach or misuse by any bad actors.
Yet, “we ask that you consider changing your password on all services,” he warns Twitter’s roughly 300 million users around the world.
Under normal conditions, Twitter is able to mask passwords through a process called “hashing,” which used a function known as “bcrypt.” This replaces the actual password with a random set of numbers and letters, which are stored in Twitter’s system.
“Due to a bug, passwords were written to an internal log before completing the hashing process,” according to Agrawal. “We found this error ourselves, removed the passwords, and are implementing plans to prevent this bug from happening again.”
Trying to repair its relationship with consumers wary of privacy abuses, Twitter has recently taken a more aggressive approach to offenses, both perceived and real.
Among other efforts, the company recently said it suspended more than 1.2 million accounts because of terrorism content since mid-2015.
The aggressive effort appear to be paying off.
For the second quarter in a row, Twitter just reported a profit. During the first quarter, the company reported net income of $61 billion. By contrast, it suffered a net loss of $62 during the same period last year.