Twitter recommends that you change your password both on Twitter and anywhere else you use the same password. Now that we know this, Agrawal seems to be implying that knowledge is power, so change your password or don't. But that reassurance was lost on the masses who believe digital privacy is already a thing of the past.
It will be worth keeping an eye on the situation to see whether there are any long-term effects of this security issue.
Hashes are a form of one-way transformation, often loosely called one-way encryption: input of any length results in a seemingly irreversible jumble of letters and numbers. Without hashing, anyone with access to the storage location could read user passwords in plain text.
Say my Twitter password is Password123 (1, it isn't; and 2, this shouldn't be your password for anything!). Before it is stored, it is changed into a jumble of letters and numbers. That change is a process called hashing, and the jumbled version is called a hashed password.
It's easy to reset your Twitter password, and there are additional security measures you can take to ensure that even if someone gets hold of your details, they'll be unable to log in. The bug allowed passwords to be kept in an "internal log" without hashing, so they were stored in readable plain text. With two-factor authentication enabled, users will have to enter a code in order to fully log in to their Twitter account. Twitter said no one outside or inside the company did that, which is good! It discovered this error, got rid of the passwords, and is now implementing plans to make sure this doesn't happen again.
As well as changing passwords, users have been advised to turn on two-factor authentication to help stop accounts being hacked. The company also disclosed the password flaw in a regulatory filing on Thursday, indicating that the bug was serious enough to warrant more formal disclosure than a corporate blog post. It also points to additional security protections that you may want to enable on the account to improve security significantly. After this, every time you log in you will receive a unique password on the registered number.