According to Twitter, the bug occurred due to an issue in the hashing process that masks passwords by replacing them with a random string of characters that get stored on Twitter’s system. But due to an error with the system, apparently passwords were being saved in plain text to an internal log, instead of masking them with the hashing process. Twitter claims to have found the bug on its own and removed the passwords. It’s working to make sure that similar issues don’t come up again.
Twitter hasn’t revealed how many users’ passwords may have potentially been compromised or how long the bug was exposing passwords before it found and fixed the issue. But the fact that the company is urging its entire user base to change their passwords indicates that it would seem to be a significant number of users."
Get more at theverge.com