Twitter stated that it has patched the issue and has discovered "no indication of breach or misuse", though it suggested that users change their passwords on the website and other services as a precaution.
This industry-standard practice allows Twitter to validate users' account credentials without revealing their password. It discovered this error, got rid of the passwords, and is now implementing plans to make sure this doesn't happen again. On iOS and Android, users will have to go to the "Settings & Privacy" page, tap on "Account" and tap on "Change password".
We are sharing this information to help people make an informed decision about their account security. "We are very sorry this happened," Twitter posted on its blog.
Twitter says it's now fixed the error, and there's no evidence of a breach or any malicious action, but it's best to play it safe.
"I should not have said we didn't have to share".
So, PSA: Your password was stored unencrypted in Twitter's system and you should probably change it as soon as possible.
In essence, Twitter's top engineer is saying that, yes, it's true the company had passwords just sitting around in an unencrypted environment, but at least it admitted it. I have felt strongly that we should. When you log in, whatever you enter in the password field is quickly run through the same hashing algorithm and then compared to your hashed password on file.
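The hash-and-compare login described above, next to the failure mode this story is about, as an added example that is not Twitter's code. The scrypt parameters, the function names, and the in-memory store and log are assumptions made for illustration; the log stands in for any place a password might be written before it is hashed.

```python
import hashlib
import hmac
import os

# Assumed scrypt cost parameters for this sketch (not Twitter's settings).
SCRYPT = dict(n=2**14, r=8, p=1, dklen=32)


def hash_password(password: str, salt: bytes) -> bytes:
    """Derive the value that is kept on file instead of the password."""
    return hashlib.scrypt(password.encode("utf-8"), salt=salt, **SCRYPT)


def register(store: dict, user: str, password: str) -> None:
    """Keep only a per-user random salt and the derived hash."""
    salt = os.urandom(16)
    store[user] = {"salt": salt, "hash": hash_password(password, salt)}


def login(store: dict, user: str, attempt: str) -> bool:
    """Hash the submitted password the same way and compare to the hash on file."""
    record = store.get(user)
    if record is None:
        return False
    candidate = hash_password(attempt, record["salt"])
    # Constant-time comparison of the two hashes.
    return hmac.compare_digest(candidate, record["hash"])


def register_buggy(store: dict, log: list, user: str, password: str) -> None:
    """Failure mode: the password is written somewhere before it is hashed."""
    log.append(f"signup user={user} password={password}")  # plaintext persisted
    register(store, user, password)


def plaintext_leaks(password: str, store: dict, log: list) -> list:
    """Return every persisted location that contains the password as typed."""
    needle = password.encode("utf-8")
    hits = [f"log[{i}]" for i, line in enumerate(log)
            if needle in line.encode("utf-8")]
    for user, record in store.items():
        hits += [f"store[{user}].{k}" for k, v in record.items() if needle in v]
    return hits
```

Login works identically in both paths, which is why a plaintext copy can go unnoticed until something scans the stored data for it.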
Make sure you create a password that's strong with a mix of lowercase/uppercase letters, numbers, and special characters.
If you have implemented two-factor authentication for Twitter, the risk of access to your account is much lower, but someone who has access to the account data might use it to attempt to gain access to email and other Web accounts.
When you sign in to Twitter after setting up login verification, you start the process as usual but are asked to enter the code sent to your mobile phone in a second login verification step.