Twitter sends out e-mail to users requiring them to change their password due to a compromise

Twitter acknowledges a compromise of accounts, sends out e-mail requiring users to change passwords.

@tracehagan

Published Nov 8, 2012 12:29 PM CST
Updated Nov 3, 2020 1:26 PM CST

1 minute & 57 seconds read time

Twitter may have withstood the election wave of tweets successfully, but their security is apparently still pretty lax. Today, Twitter sent out an e-mail to a large number of users urging them to change their respective passwords. The root cause for this is that several (number undetermined) accounts had been compromised through a third-party site.

Twitter sends out e-mail to users requiring them to change their password due to a compromise | TweakTown.com

The hacked accounts were then used to send out spam, the one problem every website with user contributed content faces. Twitter acknowledged that the accounts had been compromised, changed the passwords on them so as to make them inaccessible, and sent out the following e-mail, which explains some background and provides instructions for getting your account back:

Twitter believes that your account may have been compromised by a website or service not associated with Twitter. We've reset your password to prevent others from accessing your account.
You'll need to create a new password for your Twitter account. You can select a new password at this link: https://twitter.com/pw_rst/...
As always, you can also request a new password from our password-resend page: https://twitter.com/account/resend_password
Please don't reuse your old password and be sure to choose a strong password (such as one with a combination of letters, numbers, and symbols).
In general, be sure to:
Always check that your browser's address bar is on a https://twitter.com website before entering your password. Phishing sites often look just like Twitter, so check the URL before entering your login information!
Avoid using websites or services that promise to get you lots of followers. These sites have been known to send spam updates and damage user accounts.
Review your approved connections on your Applications page at https://twitter.com/settings/applications. If you see any applications that you don't recognize, click the Revoke Access button.
For more information, visit our help page for hacked or compromised accounts.
-The Twitter Team

After DigitalTrends ran this story earlier today, Twitter sent directed them to the following statement in a blog post by the company:

We're committed to keeping Twitter a safe and open community. As part of that commitment, in instances when we believe an account may have been compromised, we reset the password and send an email letting the account owner know this has happened along with information about creating a new password. This is a routine part of our processes to protect our users.
In this case, we unintentionally reset passwords of a larger number of accounts, beyond those that we believed to have been compromised. We apologize for any inconvenience or confusion this may have caused.
As always, we recommend that people review these tips on how to keep their Twitter accounts secure:
https://support.twitter.com/articles/76036-keeping-your-account-secure#

As always, it's a good idea to use different passwords on every website and to make sure that you're entering your log-in information on a legitimate site.