Twitter has announced that it mistakenly reset the passwords of some users as part of a routine security check-up to identify accounts that may have been compromised.
A lot of people have received an email from Twitter saying:
Twitter believes that your account may have been compromised by a website or service not associated with Twitter. We’ve reset your password to prevent others from accessing your account.
You’ll need to create a new password for your Twitter account. You can select a new password at this link:
https://twitter.com/account/resend_password
As always, you can also request a new password from our password-resend page: https://twitter.com/account/resend_password
Many people have been tweeting about it as well:
I just received an e-mail from "Twitter" telling me that it has reset my password. Anyone else get this? #phishing?
— Bruce (@BrucieG1948) November 9, 2012
Got an e-mail from twitter telling me that my password had to be changed because they thought my account had been hacked. (cont.)
— David Mitchell (@RealDMitchell) November 8, 2012
Twitter said on its blog on Thursday:
In instances when we believe an account may have been compromised, we reset the password and send an email letting the account owner know this has happened. In this case, we unintentionally reset passwords of a larger number of accounts, beyond those that we believed to have been compromised.
Twitter sought to clear up the confusion with a post on its website a few hours after it sent out emails alerting some users that their accounts had been compromised.
In this case, the security breach seems to be real - the tech news site TechCrunch reported spammers hacked its Twitter account and posted some of those fake get-paid-to-work-from-home offers.
However, a Twitter company spokeswoman said "a very small percentage" of users were notified by e-mail that their passwords were reset.
Here are a few guidelines given by Twitter to keep your Twitter account safe and protected:
Please don’t reuse your old password and be sure to choose a strong password (such as one with a combination of letters, numbers, and symbols).
In general, be sure to:
- Always check that your browser’s address bar is on a https://twitter.com website before entering your password. Phishing sites often look just like Twitter, so check the URL before entering your login information!
- Avoid using websites or services that promise to get you lots of followers. These sites have been known to send spam updates and damage user accounts.
- Review your approved connections on your Applications page at https://twitter.com/settings/applications. If you see any applications that you don’t recognize, click the Revoke Access button.
For more information, you can visit the Twitter help page for hacked or compromised accounts.
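The address-bar check from the guidelines above, written as an added Python example (not Twitter's code) that also covers links arriving in a password-reset e-mail like the one quoted earlier. The function name `login_url_problems`, the `.example` hosts, and the choice to accept subdomains of twitter.com are assumptions made for illustration.

```python
from urllib.parse import urlsplit

EXPECTED_HOST = "twitter.com"  # the host Twitter's guidance names


def login_url_problems(url):
    """Return reasons not to trust `url` as a Twitter page; [] means it passes."""
    problems = []
    if "\\" in url:
        # Browsers may read a backslash as "/", which moves the host boundary.
        problems.append("backslash in URL")
    parts = urlsplit(url)
    if parts.scheme != "https":
        problems.append("scheme is not https")
    if parts.username is not None or parts.password is not None:
        # In https://twitter.com@other.example/ the real host is other.example.
        problems.append("userinfo before the host")
    host = (parts.hostname or "").rstrip(".")
    if not host.isascii() or host.startswith("xn--") or ".xn--" in host:
        problems.append("non-ASCII or punycode host (possible lookalike)")
    # Assumption: subdomains of twitter.com are acceptable; nothing else is.
    if host != EXPECTED_HOST and not host.endswith("." + EXPECTED_HOST):
        problems.append("host is not twitter.com")
    try:
        port = parts.port
    except ValueError:  # malformed or out-of-range port
        port = -1
    if port not in (None, 443):
        problems.append("unexpected port")
    return problems


# Constructed sample links; only the first is the address quoted in the e-mail.
SAMPLES = [
    "https://twitter.com/account/resend_password",
    "http://twitter.com/account/resend_password",
    "https://twitter.com.account-reset.example/account/resend_password",
    "https://twitter.com@account-reset.example/account/resend_password",
    "https://tw\u0456tter.com/account/resend_password",  # Cyrillic "i" lookalike
]

if __name__ == "__main__":
    for link in SAMPLES:
        issues = login_url_problems(link)
        print("OK  " if not issues else "FAIL", link, issues)
```

The comparison is made on the parsed host rather than on the raw string, because a link can contain the text "twitter.com" while resolving to a different host.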