PSA: Twitter tells all subscribers to change their passwords because of bug
The company did not reveal how many passwords were discovered on the internal log. Twitter executives Jack Dorsey (COO) and Parag Agrawal (CTO) each sent out their own tweets about the bug. Dorsey wrote, "We’ve fixed, see no indication of breach or misuse, and believe it’s important for us to be open about this internal defect." Agrawal tweeted, "We are sharing this information to help people make an informed decision about their account security."
According to a post on Twitter's website, the company uses a program called bcrypt that replaces a password with an entirely random series of letters and numbers. That process is called hashing, and this is how Twitter validates your password without you having to actually reveal it to the company. According to Twitter, this is standard in the industry.
However, a bug allowed the passwords to be written to an internal log before the hashing process. Twitter says that it found the error itself, removed the passwords, and is working on a plan to prevent the bug from returning.
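As an added illustration (not Twitter's code), the sketch below shows both halves of the description above: the server stores only a salted hash and checks a login by re-hashing, and a logging filter masks password fields so the plaintext never reaches the log. PBKDF2 from Python's standard library stands in for bcrypt; the field names, logger name and sample credentials are assumptions constructed for the example.

```python
import hashlib
import hmac
import io
import logging
import os

SENSITIVE_KEYS = {"password", "new_password"}  # assumed field names


def hash_password(password, salt=None):
    """Return (salt, digest); only these two values are ever stored."""
    salt = salt or os.urandom(16)
    # PBKDF2 stands in for bcrypt here; 600_000 is the work factor.
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 600_000)
    return salt, digest


def verify_password(password, salt, digest):
    """Re-hash the candidate with the stored salt and compare in constant time."""
    return hmac.compare_digest(hash_password(password, salt)[1], digest)


class RedactSecrets(logging.Filter):
    """Mask sensitive values in dict-style log arguments before handlers run."""
    def filter(self, record):
        if isinstance(record.args, dict):
            record.args = {k: "[REDACTED]" if k in SENSITIVE_KEYS else v
                           for k, v in record.args.items()}
        return True


def signup(logger, store, user, password):
    # The request is logged before hashing; the filter masks the plaintext here.
    logger.info("signup user=%(user)s password=%(password)s",
                {"user": user, "password": password})
    store[user] = hash_password(password)


def demo():
    buf = io.StringIO()  # in-memory stand-in for the internal log
    logger = logging.getLogger("signup-demo")
    logger.setLevel(logging.INFO)
    logger.propagate = False
    logger.addFilter(RedactSecrets())
    logger.addHandler(logging.StreamHandler(buf))
    store = {}
    signup(logger, store, "alice", "correct horse battery")  # constructed sample
    salt, digest = store["alice"]
    return (buf.getvalue(), verify_password("correct horse battery", salt, digest),
            verify_password("wrong guess", salt, digest))
```

The filter only covers dict-style log arguments; a password interpolated into the message string before the logging call would bypass it, so it complements code review of log statements on authentication paths.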
If you are concerned about personal privacy and security, your best bet is not only to change your Twitter password, but also to change it on any other service where you use the same password as the one you use on Twitter.
source: @TwitterSupport, @jack, @paraga via CNN