Due to a bug, passwords were written to an internal log before completing the hashing process. We found this error ourselves, removed the passwords, and are implementing plans to prevent this bug from happening again.Twitter's CTO didn't say exactly how many users the flaw affected. Other reports indicated the bug's impact could extend to all of Twitter's more than 330 million members. Given the nature of the flaw, Agrawal urged all users to "consider" changing their passwords. The company did not issue a hard reset of members' credentials, presumably because it found no "indication of a breach or misuse by anyone" at the time of discovery. https://twitter.com/TwitterSupport/status/992132808192634881 Users of the social media platform shouldn't leave anything up to chance. They should use these experts' advice to replace their existing password with a strong combination. That means they should change their password for all of their accounts across which they reused their Twitter credentials. Ideally, they should set a unique password for each of their web accounts and store them using a password manager. Twitter members should also considering activating additional security measures on their profiles. In particular, they should enable login verification, or Twitter's version of two-factor authentication (2FA). They can learn more about this feature here.