Twitter user passwords reset after accounts breached

Summary: Many Twitter users have been warned to change their password after an unknown bug left some accounts with deleted tweets or scam-links posted to their feeds.

Is it a bird? Is it a plane? No, it's a password reset message from Twitter, and you should probably do what it says.

An unknown number of Twitter users have received a genuine email from the company warning they should change their password as soon as possible. 

But a Twitter spokesperson told ZDNet that the email was sent to a wider group of users than intended.

Twitter password reset warning sent to some users (Thanks, @noodlesnrice for forwarding the email)

In the email, the microblogging company noted: "Twitter believes that your account may have been compromised by a website or service not associated with Twitter. We've reset your password to prevent others from accessing your account." 

It remains unclear how many users have been affected by the password reset email or what caused the mass emailing.

A post by TweetSmarter on Wednesday noted that in some cases when "large numbers of Twitter accounts have been hijacked," the company sends out these emails en masse, erring on the side of caution by even sending messages to accounts that may not have been affected by any hack or hijack.

So far, a few high profile accounts have noted interference, including David Mitchell, who said:

"Got an e-mail from Twitter telling me that my password had to be changed because they thought my account had been hacked," adding in another tweet: "So I've changed it, but the only evidence of hacking I can find is that my tweet about my Observer column last Sun has disappeared. Weird."

Even rival tech site TechCrunch got pinched: its Twitter account was compromised, and whoever is behind it appears to be using the high-profile account for nefarious purposes by promoting 'work from home' scam posts.

A Twitter spokesperson told ZDNet: "We're committed to keeping Twitter a safe and open community."

"As part of that commitment, in instances when we believe an account may have been compromised, we reset the password and send an email letting the account owner know this has happened along with information about creating a new password. This is a routine part of our processes to protect our users."

However, the recently sent password reset emails reached a wider group of Twitter users than was initially intended, the Twitter spokesperson added.

It remains unclear what the root cause of the emails was, but the Twitter status page has been updated with the same information. In this case, it appears as though the mass emailing of password reset emails was a mistake.

"In this case, we unintentionally reset passwords of a larger number of accounts, beyond those that we believed to have been compromised. We apologize for any inconvenience or confusion this may have caused."

Update at 12:10 p.m. ET: with comment from Twitter.

Topics: Security, Data Management

About

Zack Whittaker writes for ZDNet, CNET, and CBS News. He is based in New York City.
