The company's chief technology officer, Parag Agrawal, said in a blog post that it had recently found a bug that stored passwords, unmasked, in an internal log.
"We have fixed the bug, and our investigation shows no indication of breach or misuse by anyone," he wrote. "We are very sorry this happened."
CEO Jack Dorsey echoed Agrawal, saying in a tweet that the company believes "it’s important for us to be open about this internal defect."
We recently discovered a bug where account passwords were being written to an internal log before completing a masking/hashing process. We’ve fixed, see no indication of breach or misuse, and believe it’s important for us to be open about this internal defect. https://t.co/BJezo7Gk00— jack (@jack) May 3, 2018
The San Francisco-based company advised its 336 million users to change their password on Twitter and any other service where they may have used the same password.