Twitter password reset email: Legit change or phishing hack?

Twitter sends password reset email to many accounts, thanks to a security breach. Or, at least, it looked like a breach, but it may just have been the usual phishing hack attempts. Twitter says it's sorry for sending email to the wrong people, but warns us all to be on our guard where a password change is concerned. The email read, in part, "Twitter believes that your account may have been compromised by a website or service not associated with Twitter. We’ve reset your password. ... You’ll need to create a new password for your Twitter account."

In IT Blogwatch, bloggers check for dodgy DMs.

Twitter

Your humble blogwatcher curated these bloggy bits for your entertainment.

Joab Jackson reports:

Twitter appears to have reset the passwords for a...portion of its user base. ... The notice has left many users perplexed as to if it was a real request, or a forgery. ... The email proves a link to a...password reset page on Twitter. ... The reset page will not let users reuse their old passwords.

...

Twitter usually sends out reset messages whenever large numbers of Twitter accounts have been hijacked.  MORE

Anna Leach tells a sorry tale:

Twitter has apologised for "unintentionally" resetting the passwords for..."a larger number" of accounts than necessary [but] wouldn't elaborate on how many.

...

[It said there was] a security breach in a third-party website that accesses Twitter feeds. ... [But] Twitter has been in touch since...to confirm that there was no security breach.  MORE

And Twitter 'fesses up:

We’re committed to keeping Twitter a safe and open community. ...when we believe an account may have been compromised, we reset the password and send an email letting the account owner know.

...

In this case, we unintentionally reset passwords of a larger number of accounts. ... We apologize for any inconvenience or confusion.  MORE

Errrm, so was there a breach, or wasn't there? Natasha Lomas says "it's real":

[Our] account has been compromised — please don’t click on any links...we’ve now booted out the spammers and regained control. ... If you’re having trouble logging onto your Twitter account but can’t see an email in your inbox don’t forget to check your spam folder.

...

And in future let’s hope Twitter deploys two-factor authentication to bolster account security.  MORE

Meanwhile, Dave Larson gets smart:

Though they don’t say so, the hijack attempts may have been primarily from China. ... When a Twitter account is hijacked, the most common reason is that the [owner] accidentally logged into a fake Twitter page. ... The trick is that the hijackers make the page look EXACTLY like Twitter.

...

The next step is usually that the hijacker will start sending out DMs from your account, usually trying to hijack other accounts...say[ing] things like “was this you in this pic?” or “people are saying bad things about you here:”  MORE
From CIO: 8 Free Online Courses to Grow Your Tech Skills
Join the discussion
Be the first to comment on this article. Our Commenting Policies