Twitter said on Thursday that it found a bug in how it stores passwords, which meant they weren't scrambled to protect them from attack.
Twitter said it hashes passwords so that they're stored as a random mix of numbers and letters. It discovered password logs where the passwords hadn't been hashed, however.
"Due to a bug, passwords were written to an internal log before completing the hashing process," Twitter explained in a blog post. "We found this error ourselves, removed the passwords, and are implementing plans to prevent this bug from happening again."
Twitter said it doesn't believe "information ever left Twitter's systems or was misused by anyone," but recommends that users change their passwords and enable two factor authentication.
You can change your password by visiting Twitter's password reset page. Twitter is also alerting users with a splash page that will take you directly to the reset page. Here's what it looks like: