Twitter recommends its users to change their account passwords, as they were kept in the internal journal in decoded format for some time, according to the blog of Twitter’s Chief Technology Officer Parag Agrawal.
According to Agrawal, the mistake was made and “there were no signs of intrusion or illegal use” of passwords, but it is better to change them.
“As a precaution, we ask you to consider possibility of changing the password for all services, in which you used this password. You can change your Twitter password any time by entering the password setting page”, according to the message.
Agrawal explained that the system encodes user passwords through the hashing process by using the function, known as bcrypt, which replaces the actual password with a random set of digits and letters, kept in Twitter. It allows the system to check the account’s data, not revealing the password.
“Due to the mistake, the passwords were recorded to the internal journal before completion of the hashing process. We found this mistake by ourselves, deleted passwords and realize plans on preventing doing this mistake again”, Twitter’s Chief Technology Officer Parag Agrawal said.