Thursday, November 8, 2012

Check Your Inbox, Twitter is Sending Out Password Reset Emails

It looks like Twitter may have suffered some sort of security breach, or there was a highly successful phishing campaign that stole a lot of login credentials, because the micro-blogging site has been sending password reset emails to a large number of users.

Here is a copy of the legitimate email that Twitter is sending to users whose accounts it believes may have been compromised:
Hi, [name]

Twitter believes that your account may have been compromised by a website or service not associated with Twitter. We’ve reset your password to prevent others from accessing your account.

You’ll need to create a new password for your Twitter account. You can select a new password at this link:
https://twitter.com/pw_rst/[RANDOM STRING]

As always, you can also request a new password from our password-resend page: https://twitter.com/account/resend_password

Please don’t reuse your old password and be sure to choose a strong password (such as one with a combination of letters, numbers, and symbols).

In general, be sure to:

  • Always check that your browser’s address bar is on a https://twitter.com website before entering your password. Phishing sites often look just like Twitter, so check the URL before entering your login information!

  • Avoid using websites or services that promise to get you lots of followers. These sites have been known to send spam updates and damage user accounts.

  • Review your approved connections on your Applications page at https://twitter.com/settings/applications. If you see any applications that you don’t recognize, click the Revoke Access button.


For more information, visit our help page for hacked or compromised accounts.

The Twitter Team

If you’re not comfortable clicking the link, Mashable wrote that you will be kicked straight into the password reset cycle the next time you log in. After providing your phone number, email address or Twitter username, you will be sent a different email containing a link to enter your new password.

Considering it’s not entirely clear what happened, changing your password even if you didn’t get an email may not be a bad idea.
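The email's advice to check for a https://twitter.com address can also be applied to a link before it is clicked. The sketch below is an added example, not code from Twitter or from the original post; the function name `check_link` and the sample links are constructed for illustration, and it assumes only the exact host `twitter.com` seen in the email should be trusted.

```python
from urllib.parse import urlsplit

# Assumption: trust only the exact host used by the links in the quoted email.
TRUSTED_HOSTS = {"twitter.com"}


def check_link(url):
    """Return (trusted, reason) for a link found in a password reset email."""
    try:
        parts = urlsplit(url.strip())
        host = (parts.hostname or "").rstrip(".")
        port = parts.port              # raises ValueError on a malformed port
    except ValueError as exc:
        return False, f"unparseable URL: {exc}"
    if parts.scheme != "https":
        return False, "not https"
    if parts.username is not None or parts.password is not None:
        # In https://twitter.com@login.example/ the real host is login.example.
        return False, "userinfo before the host"
    if port not in (None, 443):
        return False, "unexpected port"
    if not host.isascii() or host.startswith("xn--") or ".xn--" in host:
        return False, "internationalized host (possible lookalike)"
    if host not in TRUSTED_HOSTS:
        # Catches twitter.com.login.example, twitter-support.example, etc.
        return False, f"host is {host!r}, not twitter.com"
    return True, "ok"


# Constructed sample links; the .example domains are placeholders.
SAMPLE_LINKS = [
    "https://twitter.com/pw_rst/EXAMPLE-TOKEN",
    "https://twitter.com/account/resend_password",
    "http://twitter.com/pw_rst/EXAMPLE-TOKEN",
    "https://twitter.com.login.example/pw_rst/EXAMPLE-TOKEN",
    "https://twitter.com@login.example/pw_rst/EXAMPLE-TOKEN",
    "https://twitter.com:8443/pw_rst/EXAMPLE-TOKEN",
]

if __name__ == "__main__":
    for link in SAMPLE_LINKS:
        trusted, reason = check_link(link)
        print(f"{'OK  ' if trusted else 'FAIL'} {link}  ({reason})")
```

The check compares the parsed host, not the text of the link, so a URL that merely starts with or contains "twitter.com" does not pass.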

Update: Twitter updated their blog to say that the huge batch of password reset emails was a result of them unintentionally resetting passwords for a large number of accounts beyond those they believed were actually compromised.

[via TechCrunch]
