Twitter password reset goes too far
Many Twitter users suspected the password reset email from Twitter was actually just a well-devised phishing scam.
Fri, Nov 09, 2012 at 10:19 AM
In an attempt to spare a few users from a security threat, Twitter unintentionally reset the passwords of far more users, leading some of them to suspect a scam.
"We unintentionally reset passwords of a larger number of accounts, beyond those that we believed to have been compromised," Twitter announced in a status notification on the morning of Nov. 8. "When we believe an account may have been compromised, we reset the password and send an email letting the account owner know this has happened, along with information about creating a new password."
Twitter hasn't revealed the reason behind its botched password reset or why it believed certain accounts were compromised.
After spam from @techcrunch started showing up in followers' feeds, TechCrunch confirmed that its Twitter account had been compromised. It’s unclear, however, whether the events were related.
"Twitter believes that your account may have been compromised by a website or service not associated with Twitter," reads the official Twitter email with the link for users to reset their password.
Users pointed out that even though the email was legitimate, it could appear to be a phishing scam, or could even be used as cover by criminals to exploit Twitter users without the need to post a fake warning.
Despite a large number of reports of people receiving the warning or being unable to log into their accounts, Twitter said very few of its more than 140 million members were affected.