The company's notification came on the day designated as World Password Day.
In a blog post, the social media firm said while passwords were normally hashed using a function known as bcrypt, the bug had resulted in passwords being written to an internal log before the hashing process had been completed.
"We mask passwords through a process called hashing using a function known as bcrypt, which replaces the actual password with a random set of numbers and letters that are stored in Twitter’s system," the post said.
"Due to a bug, passwords were written to an internal log before completing the hashing process.
"We found this error ourselves, removed the passwords, and are implementing plans to prevent this bug from happening again."
Twitter said that its investigations showed no indication of breach or misuse by anyone.
Earlier this week, the code hosting site GitHub said it had exposed some users' passwords in plaintext after being written to an internal log.