The social media network has admitted that some passwords became visible on its internal network. But it insisted no user details were stolen or misused by insiders.
Twitter on Thursday called on its more than 330 million users to change their passwords after some of them were unintentionally "unmasked" internally by a software bug.
The social media site said on its blog that it found no sign that hackers accessed the exposed data, but advised users that they should enter a new password on all services where their current password has been used.
Twitter described how it masks passwords through a process which replaces the word with a random set of numbers and letters that are stored in its system.
This, the firm said, is an industry standard security protocol which allows its systems to validate account credentials without revealing passwords.
Due to a bug, the real passwords were visible in plain text on an internal log. Its tech team quickly fixed the bug, the company said.
Numbers not revealed
Although the company did not reveal how many passwords were affected, a person familiar with the company's response told the Reuters news agency that the number was "substantial" and that they were exposed for "several months."
Twitter and other social media firms are facing intense pressure over the way they store and secure consumer data, following several high-profile scandals, mostly involving Facebook, which allowed the data of hundreds of millions of its users to be harvested for political purposes.
The networks are also under scrutiny for their failure to prevent the proliferation of fake news and hate speech.
mm/aw (AFP, Reuters)