Twitter: A few hacked accounts, many reset passwords

Twitter sent out a large number of emails on Thursday warning users that their accounts might have been compromised. A few accounts were hacked, but it's not a large-scale assault. Twitter says it accidentally reset a large number of passwords for users who weren't under attack.

Jeff Chiu/AP/File
The Twitter logo hangs in the company's San Francisco offices in this file photo. Twitter said Thursday that it had accidentally expanded a routine security procedure to many of its users, resetting passwords and sending out warning emails.

If you’re among those who received an email from Twitter asking you to reset your password -- don’t worry, your account (probably) wasn’t hacked. This is just what it looks like when Twitter accidentally loops way too many people into a routine security procedure.

Since Twitter is such a big platform, at any given time there are a few accounts that might have been compromised. When Twitter sees activity that indicates an account has been hacked, it automatically resets that account’s password to lock out intruders and sends the user a warning email about what’s going on. Twitter reminded everyone on Thursday that the procedure is “a routine part of our processes to protect our users.”

But the company accidentally cast the net way too wide, resetting the passwords of many accounts and sending out emails to all those users warning them of suspicious activity. There definitely were some attacks on accounts Thursday morning – Natasha Lomas at TechCrunch describes how the website's handle was hacked, for example -- but Twitter isn’t being besieged by hackers. Twitter spokeswoman Carolyn Penner told Reuters that there had not been a security breach.

In a statement about the event, Twitter admitted that it had “unintentionally reset passwords of a larger number of accounts, beyond those that [it] believed to have been compromised.”

We don’t know what triggered the resets, or how many people were asked to change their passwords -- although a quick scan of Twitter itself suggests that the email went out pretty widely.

With that said, it’s probably not a bad idea to change your Twitter password, just in case.

Twitter provided a link to do so in the email it sent to users -- but while that email is legitimate, it’s good to get in the habit of visiting sites directly when security is a concern. (Phishing scams often send out emails that appear official, with misleading links that can send your personal information to shady sites.) And it’s always wise to avoid repeating passwords across different websites -- so if your Twitter account ever does get hacked, you won’t be stuck wondering whether the attackers were able to access your other accounts with the same password.

Did Twitter reset your account password? Tell us about it in the comments section below. And follow us on Twitter @venturenaut (we had to reset our password, but don’t worry; everything’s fine).

of stories this month > Get unlimited stories
You've read  of  free articles. Subscribe to continue.

Unlimited digital access $11/month.

Get unlimited Monitor journalism.