Twitter says it recently identified a bug that stored passwords unmasked in an internal log and although there is no indication of breach or misuse by anyone, the social network is urging users to change their passwords.
Twitter mask passwords through a process called hashing using a function known as bcrypt, which replaces the actual password with a random set of numbers and letters that are stored in Twitter's system. This allows Twitter's systems to validate account credentials without revealing passwords.
Due to a bug, passwords were written to an internal log before completing the hashing process, Twitter said.
The disclosure comes as lawmakers and regulators around the world scrutinize the way that companies store and secure consumer data, after a string of security incidents that have come to light at firms including Equifax, Facebook and Uber.
The company advised users to take precautions to ensure that their accounts are safe, including changing passwords and enabling Twitter's two-factor authentication service to help prevent accounts from being hijacked.