Twitter: Accounts Were Compromised, but We Also Accidentally Reset Password
Earlier today, Twitter users began to report an interesting situation on (where else) Twitter. They claimed that they had received an email from Twitter that said their accounts had been compromised, and that their passwords had been reset. The email also prompted users to create a new password.
Of course, users were a bit skeptical about the legitimacy of said emails. Although many users did report that their accounts had been compromised, some users had received the email without any outward sign of any disturbance on their accounts.
Now, Twitter has released a statement on their status page that suggests that they believe some accounts were hacked, but that they messed up to by resetting passwords of accounts not affected by the hack.
Here’s that full statement:
We’re committed to keeping Twitter a safe and open community. As part of that commitment, in instances when we believe an account may have been compromised, we reset the password and send an email letting the account owner know this has happened along with information about creating a new password. This is a routine part of our processes to protect our users.
In this case, we unintentionally reset passwords of a larger number of accounts, beyond those that we believed to have been compromised. We apologize for any inconvenience or confusion this may have caused.
So if you receive an email from Twitter asking you to chance your password, you should probably do it.