The microblogging website said there is no evidence that password have been leaked, but advised users to change their passwords to be safe.
“We recently found a bug that stored passwords unmasked in an internal log. We fixed the bug and have no indication of a breach or misuse by anyone,” the company tweeted.
“As a precaution, consider changing your password on all services where you’ve used this password.”
The company declined to comment on when the bug was discovered, how long it had been storing passwords in this manner and how many passwords were affected.
Jack Dorsey, CEO of Twitter, also corroborated the threat by tweeting from his personal handle.
You can change your password by visiting Twitter’s password reset page.
The company also suggested widely recommended security tips, like turning on two-factor authentication, choosing unique passwords for every service, and using a password manager app to store them all.