Twitter did not say how many passwords were affected but it is understood the number was "substantial" and that they were exposed for "several months".
The company has said the bug has been fixed, and that there was no breach.
The glitch was related to Twitter's use of "hashing" and caused passwords to be written on an internal computer log before the scrambling process was completed, the blog said. While Twitter claims that it is only asking users to update their passwords out of "an abundance of caution", we would urge all Twitter users not only to update their Twitter password at once but also any other service that uses the same password. This allows our systems to validate your account credentials without revealing your password.
But Twitter and GitHub have slipped up by inadvertently storing passwords in plain text.
Meanwhile, tech expert Jan Vermeulen says social media users should not take internet security for granted.
CEO Jack Dorsey said in a tweet the company believed it was important to "be open about this internal defect". Twitter reported that it was not a security breach as nobody was able to access the log where the plain text passwords were stored. When a user signs in, their password is linked to the hashed password and Twitter's system can verify it without ever directly seeing the password.
Justin Langer Appointed as Australia Coach
He believes, "It's not just about how we play our cricket, it's about being good citizens and good Australians". A expected, He will be without the services of Steve Smith and David Warner , as they serve their bans .
Shapshak advises that users should opt for a secure password manager to keep log-in details safe.
This article will provide instructions on how you can change your password on Twitter. "Do you think something like that could happen to us?'".
Make sure each new password is also unique or you will have to go through this process again the next time there is a password issue at one of the services you use.
Use difficult and hard-to-guess passwords.
Mr Cluley said enabling two-factor authentication that adds another ID check to login attempts would help "harden" accounts.