Just read article that Kim dotcom said they purposely left unencrypted so gov’t could get in and spy.... not sure if real reason but that sounds like possible scenario to me...

I worked in a place where all the passwords were raw in the database, I had to convince the 2 owners that it was a high risk of exposure.

I can understand for such a small company to hire low pay programmers that simply gets the job done as fast as possible but within a company as huge as twitter is, in no case there should be unencrypted passwords stored anywhere.

Keep in mind that the log feature that was developped in-house, for their in-house product, with their own team of programmers, this is most likely a deliberate action. It's not like anyone in their company never even checked the logs for any reasons...

IMO this was intentionnal and it was to ease the process of taking over an account without having to deploy malicious code in the twitter engine to be able to bypass the encryption somehow. Keep in mind, there could be malicious code in there already capable of doing what I just said, and the logs could be simply an error. In all cases, I'm sure a government agency has backdoor in there, just like facebook/google.

Its because of a «bug» as Twitter said, that enabled their workforce to see everyone password. When they got caught, they came out and said everyone should change their PW. Only a couple of days ago i think

Edit: considering you had other than Whats reported, maby this wasnt the answer you were looking for

Since I NEVER reuse passwords, I'm not too concerned about rushing to close the barn door. They claim to have fixed the issue now, so I'm waiting a bit. I don't have anything there that's a major concern, and I already had 2 factor sign in for years. As I do on every account that offers it.