“Out of an abundance of caution” Twitter is asking users “to consider changing passwords” after finding a bug on how passwords were being stored. Twitter users can change the password here.
The bug: Twitter masks passwords through a process called hashing using a function known as bcrypt, which replaces the actual password with a random set of numbers and letters that are stored in Twitter’s system. This allows Twitter systems to validate user account credentials without revealing the password. An industry standard, says Twitter. Due to a bug, passwords were written to an internal log before completing the hashing process.
Twitter said that it found this error and after that, removed the passwords, and is implementing plans to prevent the bug to happen again.