Twitter: Oops, we reset passwords we didn't need to
Many users received an unusual-sounding email from Twitter explaining that it had reset their passwords after a suspected security breach. Now the company says it went too far -- but doesn't explain the breach.
Now that Twitter has reported a security breach and reset the passwords of many users, the company has issued a statement explaining why it did what it did:
We're committed to keeping Twitter a safe and open community. As part of that commitment, in instances when we believe an account may have been compromised, we reset the password and send an email letting the account owner know this has happened along with information about creating a new password. This is a routine part of our processes to protect our users.
In this case, we unintentionally reset passwords of a larger number of accounts, beyond those that we believed to have been compromised. We apologize for any inconvenience or confusion this may have caused.
In other words, while some individuals' accounts have been accessed and used to send spam, Twitter did not suffer any large-scale hack.