Twitter Inc. has advised users to change passwords following a discovery of a bug in its system that exposed passwords in plain text internally.
The shares of the social media company dropped as much as 2.7% hours after the bug disclosure. The stock closed at $30.67 earlier in New York.
The company has informed that it has removed the non-encrypted passwords from the system and working actively to prevent any such issue from rehappening.
The top executive in the company said “out of an abundance of caution” users should consider changing their passwords.
We recently found a bug that stored passwords unmasked in an internal log. We fixed the bug and have no indication of a breach or misuse by anyone. As a precaution, consider changing your password on all services where you’ve used this password. https://t.co/RyEDvQOTaZ
— Twitter Support (@TwitterSupport) May 3, 2018
Parag Agrawal, Twitter’s Chief Technology Officer said,
We have fixed the glitch and the internal investigation shows no indication of breach or misuse by anyone. We are very sorry this happened and recognize and appreciate the trust you place in us and are committed to earning that trust every day.
While online privacy scares have become a commonplace these days, Twitter’s misstep seems disturbing as there is no reason for companies to store passwords in plain text, said Phil Libin, a startup founder, and venture capitalist.
Libin wrote in his twitter account that it’s not a breach as the bug seems grossly negligent. He expressed his annoyance saying that it was not even a lazy way to code a password handler and the mistake required an effort.
The disclosure has come in a scenario where regulators and lawmakers all around the world are scrutinizing the way companies regulate and use user’s private data after a string of security breach incidents with Facebook, Equifax Inc, and Uber Technologies.
Twitter hasn’t disclosed the bug but has informed: “to help people make an informed decision about their account security”. The social media giant has reported an average active user base of 336 million accounts worldwide For the first quarter of 2018 that ended on March 31.