Twitter yesterday announced that they’d discovered and fixed a bug which stored users’ passwords (in plain text) in an internal log.
Here’s an excerpt from the announcement:
We mask passwords through a process called hashing using a function known as bcrypt, which replaces the actual password with a random set of numbers and letters that are stored in Twitter’s system. This allows our systems to validate your account credentials without revealing your password. This is an industry standard.
Due to a bug, passwords were written to an internal log before completing the hashing process. We found this error ourselves, removed the passwords, and are implementing plans to prevent this bug from happening again.
While they claim they’ve found no evidence that this data was breached or misused by anyone, you are advised to change your Twitter password, as well as the password of any other account (on other websites) where you have used the same credentials.
Just as with Google’s two-factor authentication (2FA), you are further advised to use Twitter’s, as this ensures that even if your login details did fall into the wrong hands, you’ll have an extra layer of protection via the verification email or SMS sent to your device.
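For developers, the class of bug described in the announcement (a password reaching a log before it is hashed) can be backstopped with a redacting log filter. The sketch below is an added example, not Twitter's code or fix; the field names, the logger name and the sample request are assumptions.

```python
import io
import logging
import re

# Assumed field names that carry secrets; extend for your own request schema.
SENSITIVE = ("password", "passwd", "pwd", "new_password")

# key=value, key: value, "key": "value" or 'key': 'value' for any sensitive key.
_PAIR = re.compile(
    r"(?i)(['\"]?(?:%s)['\"]?\s*[=:]\s*)(\"[^\"]*\"|'[^']*'|[^\s,&}]+)"
    % "|".join(SENSITIVE)
)


class RedactSecrets(logging.Filter):
    """Scrub sensitive values from a record before the handler formats it."""

    def filter(self, record):
        # Render first so secrets passed as %-style args are covered too.
        record.msg = _PAIR.sub(r"\1[REDACTED]", record.getMessage())
        record.args = None
        return True


def capture_login_logs(form):
    """Log a constructed login request the careless way; return the log text."""
    stream = io.StringIO()
    handler = logging.StreamHandler(stream)
    # Attach to the handler, not a logger: logger-level filters are skipped
    # for records propagated from child loggers.
    handler.addFilter(RedactSecrets())
    log = logging.getLogger("demo.auth")  # hypothetical logger name
    log.handlers = [handler]
    log.propagate = False
    log.setLevel(logging.DEBUG)
    log.debug("login attempt: %s", form)  # whole form dict logged by mistake
    log.debug("raw body: user=%s&password=%s", form["user"], form["password"])
    return stream.getvalue()


if __name__ == "__main__":
    # Constructed sample input, not real data.
    print(capture_login_logs({"user": "alice", "password": "correct-horse-battery"}))
```

Pattern-based redaction is a safety net only: it misses field names that are not on the list, so the primary control remains never passing raw credentials to logging calls.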