Twitter resets passwords of 'compromised' accounts

Many Twitter users have been warned to change their password after an unknown bug left some accounts with deleted tweets or scam-links posted to their feeds.

Zack Whittaker Writer-editor
Zack Whittaker is a former security editor for CNET's sister site ZDNet.
Zack Whittaker
2 min read

Is it a bird? Is it a plane? No, it's a password reset message from Twitter, and you should probably do what it says.

An unknown number of Twitter users have received a genuine e-mail from the company warning they should change their password as soon as possible. 

But a Twitter spokesperson told CNET that the e-mail was sent to a wider group of users than intended.

A password reset email sent to users today. Twitter user @noodlesnrice

In the e-mail, the microblogging company noted: "Twitter believes that your account may have been compromised by a Web site or service not associated with Twitter. We've reset your password to prevent others from accessing your account." 

It remains unclear how many have been affected by the password reset e-mail or what's caused the mass e-mailing of its users.

A post by TweetSmarter on Wednesday noted that in some cases when "large numbers of Twitter accounts have been hijacked," the company sends out these e-mails en masse, even sending messages to accounts that may not have been affected by any hack or hijack to err on the side of caution.

So far, a few high profile accounts have noted interference, including David Mitchell, who said:

"Got an e-mail from Twitter telling me that my password had to be changed because they thought my account had been hacked," adding in another tweet: "So I've changed it, but the only evidence of hacking I can find is that my tweet about my Observer column last Sun has disappeared. Weird."

Even rival tech site TechCrunch got pinched by its compromised Twitter account, which appears to be using the high-profile account for nefarious reasons by promoting "work from home" scam posts

A Twitter spokesperson told CNET: "We're committed to keeping Twitter a safe and open community."

"As part of that commitment, in instances when we believe an account may have been compromised, we reset the password and send an e-mail letting the account owner know this has happened along with information about creating a new password. This is a routine part of our processes to protect our users."

However, the recently sent out password reset e-mails hit a wider scope of Twitter users than were initially intended, the Twitter spokesperson added.

"In this case, we unintentionally reset passwords of a larger number of accounts, beyond those that we believed to have been compromised. We apologize for any inconvenience or confusion this may have caused."

It remains unclear what the root cause of the e-mails were, but the Twitter status page has been updated with the same information. In this case, it appears as though the mass e-mailing of password reset e-mails was a mistake.

Update at 9:10 p.m. PT: with comment from Twitter.