CNET también está disponible en español.

Ir a español

Don't show this again

Security

Twitter locks user accounts that need 'extra protection'

Social network reaffirms that its platform was not hacked, but makes some users reset their passwords as a precaution.

Erik Tham/Getty Images

Better safe than sorry, or so goes Twitter's latest thinking.

The social network on Friday maintained it was not the victim of a hack or data breach, as previously reported. But Michael Coates, Twitter's head of information security, wrote in a blog post that the company has identified some accounts that need "extra protection." Those accounts have been locked, requiring users to reset their passwords in order to access them.

"If your information was impacted by any of the recent issues -- because of password disclosures from other companies or the leak on the 'dark web' -- then you have already received an email that your account password must be reset," he wrote. " Your account won't be accessible until you do so."

Twitter did not disclose how many users were contacted to change their passwords.

The latest post from the social network comes three days after a Russian hacker who goes by the name Tessa88 claimed to be in possession of a cache containing email addresses, passwords and usernames of 379 million Twitter accounts. The seller reportedly had links to the recent breaches of LinkedIn and MySpace. It's unclear how the hacker came in possession of the information.


The usernames and passwords could have been collected through other breaches or malware that's on computers stealing passwords, Coates said.

"The recent prevalence of data breaches from other websites is challenging for all websites -- not just those breached," he said. "Attackers mine the exposed username, email and password data, leverage automation, and then attempt to automatically test this login data and passwords against all top websites."

Twitter users are being urged to use strong passwords and two-factor authentication. The latter is an added layer of security, requiring users after entering their password to type in a special code sent via text to their smartphones for verification. Apple, Facebook and Google also have similar login features.