Twitter advised users on Thursday to change their passwords after it discovered a bug that caused the platform to store them in plain text in an internal log.
Though the company claims that it has already fixed the issue and that there were no signs of a breach, CTO Parag Agrawal wrote in a blog post that users should still take this safety measure “out of an abundance of caution.”
Tech companies typically convert the passwords they store into a random series of symbols in a process called hashing, which allows them to verify logins without revealing the actual password. Twitter in this case found that the passwords had been posted on an internal log before the encryption was complete.
The company has not said how many passwords were affected or for how long, though an anonymous source told Reuters that a “substantial” number were exposed “for several months.” The source also claimed that Twitter caught the bug a few weeks ago and subsequently reported it to regulators.