News, views and top stories in your inbox. Don't miss our must-read newsletter Sign up Thank you for subscribing We have more newsletters Show me See our privacy notice Invalid Email

Twitter has urged its more than 330 million users to change their passwords after a glitch exposed some in plain text on its internal computer network.

The social network did not say how many passwords were affected but a person familiar with the company's response said the number was "substantial" and that they were exposed for "several months".

A Twitter spokesman said an internal investigation found no indication passwords were stolen or misused by insiders but told all users to consider changing their passwords "out of an abundance of caution".

"When you set a password for your Twitter account, we use technology that masks it so no one at the company can see it," a spokesman said.

"We recently identified a bug that stored passwords unmasked in an internal log. We have fixed the bug, and our investigation shows no indication of breach or misuse by anyone.

"Out of an abundance of caution, we ask that you consider changing your password on all services where you've used this password."

(Image: Getty Images North America)

Twitter discovered the bug a few weeks ago and has reported it to some regulators, according to reports.

The disclosure comes as lawmakers and regulators around the world scrutinise the way companies store and secure consumer data, after a string of security incidents involving Equifax Inc, Facebook Inc and Uber.

The Twitter spokesman continued: "We mask passwords through a process called hashing using a function known as bcrypt, which replaces the actual password with a random set of numbers and letters that are stored in Twitter's system.

"This allows our systems to validate your account credentials without revealing your password. This is an industry standard.

"Due to a bug, passwords were written to an internal log before completing the hashing process. We found this error ourselves, removed the passwords, and are implementing plans to prevent this bug from happening again.

"We are very sorry this happened. We recognise and appreciate the trust you place in us, and are committed to earning that trust every day."

(Image: AFP)

The European Union is due to start enforcing a strict new privacy law, known as the General Data Protection Regulation, that includes steep fees for violating its terms.

The glitch was related to Twitter's use of a technology known as "hashing" that masks passwords as a user enters them by replacing them with numbers and letters, according to the spokesman.

A bug caused the passwords to be written on an internal computer log before the hashing process was completed.

Twitter's share price was down 1 percent in extended trade at $30.35, after gaining 0.4 percent during the session.

The company advised users to take precautions to ensure that their accounts are safe, including changing passwords and enabling Twitter's two-factor authentication service to help prevent accounts from being hijacked.