Twitter Resets More Passwords Than Accounts Hacked

An untold number of Twitter users received suspicious emails Thursday alerting them that their passwords had been reset following a loosely defined, third-party hack.

The emails are apparently legitimate, though they were sent to more than just the victims of compromised accounts.

“We’re committed to keeping Twitter a safe and open community,” reads a notice the company issued earlier Thursday. “As part of that commitment, in instances when we believe an account may have been compromised, we reset the password and send an email letting the account owner know this has happened along with information about creating a new password. This is a routine part of our processes to protect our users.

“In this case, we unintentionally reset passwords of a larger number of accounts, beyond those that we believed to have been compromised. We apologize for any inconvenience or confusion this may have caused.”

Twitter officials have not disclosed how many uncompromised accounts had their passwords reset, nor have they shared any more details about the attack that led to those actions. The social media site currently has 140 million active users.

The email from the company opens with: “Twitter believes that your account may have been compromised by a website or service not associated with Twitter. We’ve reset your password to prevent others from accessing your account.” It then provides a link that some users say is reminiscent of the embedded URLs used in phishing scams.

Some victims reported having select tweets deleted, while others' accounts started sending out spam.

Discussion

  • Cher on

    Hi,

     Regarding Emails from Twitter, I received one or more on various Email accounts and deleted them, thinking that if I did not contact them it wasn't likely that they contacted me. I'd not heard about their system being hacked so was in the dark about the situation. I appreciate your reports and view you as a trusted source, but receive so many random spam Emails that mail like this is just ignored by me. G
