Why is Twitter resetting my password?! Is it a phishing attempt, or has my account already been compromised?! For many users, Twitter’s apology for unintentionally resetting too many passwords isn’t exactly soothing, especially when a “security breach” is mentioned.
At a time when even a child can spot a phishing scheme, many were mind-boggled by the password reset emails sent by Twitter. Many users were simply confused by the email, not knowing what to make of it: was it a real email from the actual Twitter or…?! Twitter explains that, in an attempt to save potentially compromised accounts, it ended up resetting too many passwords, creating a bit of chaos.
Information Week writes that many personal and business Twitter accounts were somehow hacked a few days ago. The compromised accounts posted messages promoting deals for a fake site. Twitter applied its ordinary policy: “If we suspect your account has been phished or hacked, we may reset your password to prevent the hacker from misusing your account”.
The email urging Twitter users to change their passwords included a link where they could select a new password, along with several tips for protecting their accounts. When Techcrunch.com published the email it received from Twitter, many others announced they had received the same thing. But according to Twitter’s recent apology, the company went too far with the password reset.
“We’re committed to keeping Twitter a safe and open community,” reads Twitter’s latest statement. “As part of that commitment, in instances when we believe an account may have been compromised, we reset the password and send an email letting the account owner know this has happened,” Twitter adds. “In this case, we unintentionally reset passwords of a larger number of accounts, beyond those that we believed to have been compromised. We apologize for any inconvenience or confusion this may have caused”.
But the question remains: was there a security breach or not? And if there was, how big was it, given that Twitter had to send mass password reset emails? Dave Larson on TweetSmarter.com explains how Twitter accounts get hijacked, and “the most common reason is that the person who owns the account accidentally logged into a fake Twitter page”. Once the hijacker has your email and password, they will start sending emails to your contacts to steal their data too.