Twitter urges all its more than 330 million users to immediately change their passwords after an error exposed them in plain text. While the Twitter investigation showed that there was no evidence of a violation or incorrect use of unmasked passwords, the company recommends that users change their Twitter passwords for "a lot of caution," both on the site and Anywhere else they may have used that password, which includes third-party applications like Twitterrific and TweetDeck.
According to Twitter the error occurred due to a problem in the hash process that masks the passwords replacing them with a random string of characters that are stored in the Twitter system. But due to an error with the system, apparently the passwords were saved in plain text in an internal registry, instead of masking them with the hash process. Twitter claims to have found the error itself and removed the passwords, in addition to working to ensure that similar problems do not recur.
We recently encountered an error that stored the unmasked passwords in an internal register. We solve the error and we have no indication of non-compliance or misuse by anyone. As a precautionary measure, consider changing your password in all the services in which you have used this password. https://t.co/RyEDvQOTaZ
– Twitter Support (@TwitterSupport) May 3, 2018
Twitter has not revealed how many user passwords may have been compromised or how long the error was. expose passwords before it finds and solved the problem. But the fact that the company requires the entire user base to change its passwords indicates that it would appear to be a significant number of users.