We’re seeing tweets that various people are being forced to change their passwords on Twitter in response to possible phishing threats.
The message from twitter itself says:
“Due to concern that your account may have been compromised in a phishing attack that took place off-Twitter, your password was reset.”
There have been a number of cases where phishers have targeted user accounts via DM, sending them to a spoofed login page that harvests passwords and then uses the compromised account to propagate the phishing messages to more users.
In this case, it appears Twitter itself wants to be one step ahead of potential phishers and is asking people that it believes may have been a target to change their passwords immediately.
At least that’s what we’re hoping. We’ve requested confirmation from Twitter and will report back if/when we hear something.
We’re hearing unconfirmed reports from Twitter users that this might be in regard to a user account @THCx. A thread on Twitter’s support system recommends that users change their passwords immediately if they are currently following that specific Twitter account.
@THCx, supposedly a tips/tutorials service, has managed to gain access to over 42000 user accounts in a matter of days and doesn’t appear to be following a single one in return.
The screenshot below shows that it’s possible, if @THCx is the culprit, that they may have gained access to users via NutshellMail, a service that lets you access and reply to Twitter messages as you would email.
It’s unlikely that a NutshellMail vulnerability is the issue here; however, @THCx does increasingly seem to be the common denominator among all the accounts requiring password resets.
Official Update from Twitter:
We just received an official statement from Twitter:
“As part of Twitter’s ongoing security efforts, we reset passwords for a small number of accounts that we believe may have been compromised offsite. In one case, a number of accounts posted updates indicative of giving their username and password to untrusted third parties. While we’re still investigating and ensuring that the appropriate parties are notified, we do believe that the steps we’ve taken should ensure user safety. We’ll continue to provide updates as warranted at @safety and @spam. We do, as always, encourage our users to read our help pages on what to do if your account is compromised: http://twitter.zendesk.com/forums/10713/entries/31796 and how to stay safe on Twitter: http://twitter.zendesk.com/forums/10711/entries/76036.”