Following an internal audit, Twitter has admitted that due to a bug in its password storage mechanism it accidentally logged some users’ passwords in plain text in internal logs.
“Due to a bug, passwords were written to an internal log before completing the hashing process,” a Twitter spokesperson said. “We found this error ourselves, removed the passwords, and are implementing plans to prevent this bug from happening again.”
“Out of an abundance of caution, we ask that you consider changing your password on all services where you’ve used this password. You can change your Twitter password anytime by going to the password settings page.”
Today’s disclosure comes shortly after GitHub made a similar announcement earlier this week, describing a similar incident.