CNET reports that the passwords were "unmasked in an internal log." There is no indication of how many users were affected, and the company said its investigation showed no passwords were misused or breached.
"Out of an abundance of caution, we ask that you consider changing your password on all services where you've used this password," Twitter said.
Jack Dorsey, the CEO of the San Francisco-based company, addressed the issue (on Twitter of course), to say that the company "believes it's important for us to be open about this internal defect":
Twitter explained the glitch in its blog post by saying a process called "hashing" didn't fully complete.
"We mask passwords through a process called hashing using a function known as bcrypt, which replaces the actual password with a random set of numbers and letters that are stored in Twitter's system," Twitter wrote. "Due to a bug, passwords were written to an internal log before completing the hashing process. We found this error ourselves, removed the passwords and are implementing plans to prevent this bug from happening again."
The "hashing" process is industry standard, Twitter noted.
Twitter listed four tips on how to tighten up your account, including: changing your password, using a strong password, enabling login verification and using a password manager.
CNET reports that some Twitter users have seen a screen pop up Thursday (see below) that mentions the bug. It includes a link to user settings.