An untold number of Twitter users Thursday received suspicious emails alerting them their passwords had been reset following a loosely defined, third-party hack.
The emails are apparently legitimate, though they were sent to more than victims of compromised accounts.
“We’re committed to keeping Twitter a safe and open community,” reads a notice the company issued earlier Thursday. “As part of that commitment, in instances when we believe an account may have been compromised, we reset the password and send an email letting the account owner know this has happened along with information about creating a new password. This is a routine part of our processes to protect our users.
“In this case, we unintentionally reset passwords of a larger number of accounts, beyond those that we believed to have been compromised. We apologize for any inconvenience or confusion this may have caused.”
Twitter officials have not disclosed how many uncompromised accounts had passwords reset, nor any more on the attack that led to those actions. The social media site currently has 140 million active users.
The email from the company opens with: “Twitter believes that your account may have been compromised by a website or service not associated with Twitter. We’ve reset your password to prevent others from accessing your account.” It then provides a link that some users say is reminiscent of embedded URLs used in phish scams.
Some victims reported having select tweets deleted, while others started sending out spam.