Twitter has told its 336 million users to change their passwords after internally exposing them in plaintext following a hashing 'glitch'.

The warning was made overnight by the company's chief technology officer Parag Agrawal, and users have been urged to change their passwords as a matter of priority when logging-in today.

"When you set a password for your Twitter account, we use technology that masks it so no one at the company can see it. We recently identified a bug that stored passwords unmasked in an internal log," Agrawal said in a blog post on Thursday.

Agrawal explained that although Twitter protocol is to use the Bcrypt hashing function to mask passwords, the bug caused plaintext passwords to be "written to an internal log before completing the hashing process".

"We found this error ourselves, removed the passwords, and are implementing plans to prevent this bug from happening again," he added, noting that an investigation "shows no indication of breach or misuse" by anyone.

Twitter didn't reveal how many accounts were affected by the error, but Reuters reports that the number was "substantial" and that passwords were exposed for "several months". The report also claims that the bug was first uncovered a few weeks ago, but has only now been reported to "some regulators".

Following the discovery of the glitch, the company is advising all of its users to change their password on Twitter and on all services where they have used the same password "as a precaution".

Users have also been advised to turn on two-factor authentication, with Agrawal noting: "This is the single best action you can take to increase your account security."

V3.co.uk