Twitter has warned its 330 million users to change their passwords after a glitch exposed some in plain text on its internal network.
The social network said an internal investigation had found no indication passwords were stolen or misused by insiders.
However, it still urged all users to consider changing their passwords “out of an abundance of caution”.
Twitter did not say how many passwords were affected.
It is understood the number was “substantial” and that they were exposed for “several months”.
Twitter discovered the bug a few weeks ago and has reported it to some regulators, an insider told Reuters.
Chief executive Jack Dorsey tweeted:
The glitch was related to its use of “hashing”, which masks passwords as users enters them by replacing them with numbers and letters, according to its blog.
A bug caused the passwords to be stored on an internal computer log before the hashing process was completed.
“We are very sorry this happened,” Twitter said on its blog.
As well as changing passwords, users have been advised to turn on two-factor authentication service to help stop accounts being hacked.
Twitter’s chief technology officer Parag Agrawal initially said the company did not have to reveal the information but believed it was the “right thing to do” – before correcting his “mistake”.