Twitter has fixed a bug that caused users' passwords to be stored on its servers without any encryption.
In a blog post by Parag Agrawal, Twitter's Chief Technical Officer, the company has disclosed a bug that caused passwords to be stored in plaintext format without any encryption within internal logging. The social network did not disclose how many users were potentially impacted by this bug, but did recommend users change their passwords as a precautionary measure both on Twitter and other sites where users might have the same password.
Agrawal claims that Twitter has "no reason to believe password information ever left Twitter’s systems or was misused by anyone," though this is not a definitive assertion that the information was not stolen or otherwise accessed. He also recommends utilizing two-factor authentication and a password manager (such as LastPass and KeePass) for users to further safeguard their profiles.