The lapse is understood to have affected a ‘substantial’ number of users, leaving their logins unprotected for ‘several months’ before the company became aware of the issue several weeks ago.
Conceding that it had dropped the ball the social network held its hands up in a blog post and a flurry of tweets, claiming that the oversight had now been resolved and there was no indication that the compromised data had found its way into the hands of bad actors.
Nevertheless Twitter is taking the bold step of encouraging everyone to switch passwords as a precautionary measure.
In a tweet Twitter chief executive Jack Dorsey wrote: “We fixed the bug and have no indication of a breach or misuse by anyone. As a precaution, consider changing your password on all services where you’ve used this password.”