In the following blog post from last week, https://blog.twitter.com/official/en_us/topics/company/2018/keeping-your-account-secure.html, Twitter disclosed that due to a bug, user passwords were inadvertently stored as plain text in an internal log. Passwords stored in plaintext are unmasked, so in this instance they were visible to Twitter employees vs. masked via a hashing process. Twitter states that they have no evidence that the data was leaked or misused. Although they have corrected the issue and are implementing processes so this will not occur again, they recommend that you change your Twitter password(s). If you use the same password(s) on any other accounts/services, which is not a recommended practice, you should change those passwords as well.
To change/reset your Twitter password, please see the following Twitter Help Center page: https://help.twitter.com/en/managing-your-account/forgotten-or-lost-password-reset. Please note that Twitter further recommends login verification via two factor authentication as a way to further protect your Twitter account as it will add a layer of security by requiring that you enter a six digit code sent to your mobile phone following your login with your password. Twitter calls two factor authentication “[T]he single best action you can take to increase your account security.” For instructions on how to set up Twitter login verification, please see the following Twitter Help Center page: https://help.twitter.com/en/managing-your-account/two-factor-authentication.
For password best practices and recommendations, please see the following Connect article, Under Lock and Passphrase.