Twitter on may 3rd 2018 disclosed that they’d discovered a bug which stored users passwords (in plain text) in an internal log and has fixed the bug
Here is an excerpt from the announcement:
We mask passwords through a process called hashing using a function known as bcrypt, which replaces the actual password with a random set of numbers and letters that are stored in Twitter’s system. This allows our systems to validate your account credentials without revealing your password. This is an industry standard.
Due to a bug, passwords were written to an internal log before completing the hashing process. We found this error ourselves, removed the passwords, and are implementing plans to prevent this bug from happening again.
You are advised to change your twitter login details (password) and the password of any account of yours (on other websites) where you have used the same credentials, though Twitter Admins have claim they’ve found no evidence that this data was breached or misused by any party, its better to be on the save side
Just as Google’s two-factor authentication (2FA) is available to you, you are further advised to use Twitter’s as this ensures that even if your login details did fall into the wrong hands, you’ll have an extra layer of protection via the verification email or SMS sent to your device.