Twitter urged users on Thursday to reset their passwords after the company discovered a critical flaw in how passwords were stored unmasked in internal logs.
In other words, Twitter confirmed passwords were not hashed before passwords were written to logs. The company removed passwords from logs and put in safeguards to prevent this issue in the future. Twitter uses the hashing algorithm bcrypt to protect passwords.
Twitter mentioned that an internal investigation discovered the bug, but there was no indication of breach or misuse.
Customers should change their passwords used on Twitter and any other services that use the same password. This also serves as a reminder that users should never use or share the same password across multiple websites as well.