This article was published on November 8, 2012

Oops: Twitter says it unintentionally reset passwords of non-compromised accounts



Twitter has unintentionally sent a password reset email to users whose accounts hadn’t been compromised, the company announced on its status page.

As you may remember, the company had emailed an undetermined but apparently large number of users a few hours ago, asking them to reset their password, leading to a flurry of tweets discussing the possibility of a widespread hacking problem.

While the issue is not as widespread as initially thought, the company’s statement does say that it believes some accounts have indeed been compromised. In addition to Twitter’s confirmation, we already knew some accounts had been hacked.

For instance, TechCrunch posted suspicious messages on Twitter a few hours ago before regaining control of its account, and it would be interesting to know what caused this issue in the first place. We have asked Twitter and will update this post accordingly.

Here is the statement it published (emphasis is ours):

“We’re committed to keeping Twitter a safe and open community. As part of that commitment, in instances when we believe an account may have been compromised, we reset the password and send an email letting the account owner know this has happened along with information about creating a new password. This is a routine part of our processes to protect our users.

In this case, we unintentionally reset passwords of a larger number of accounts, beyond those that we believed to have been compromised. We apologize for any inconvenience or confusion this may have caused.

As always, we recommend that people review these tips on how to keep their Twitter accounts secure: https://support.twitter.com/articles/76036-keeping-your-account-secure#”

One thing is for sure: the fact that Twitter overreacted doesn’t take away from the need to protect your account. If you think it may have been hacked, you should reset your password immediately at https://twitter.com/settings/password. We also recommend that you do this manually, rather than using the link Twitter provided in the email you may have received.

Image credit: FRED TANNEAU / AFP / Getty Images
