Collaboration SuitesSecuritySoftwareWorkspace

Twitter Password Reset Gaffe Scares Users

Tom Brewster is TechWeek Europe’s Security Correspondent. He has also been named BT Information Security Journalist of the Year in 2012 and 2013.

Twitter sends password resets out to too many people

Twitter has apologised for confusing swathes of users after it unintentionally reset passwords.

Rumours of a massive “hack” of Twitter started circulating earlier today, as the micro-blogging giant started resetting what appeared to be a large number of accounts. Users were being asked to change their passwords on login.

Technology news blog TechCrunch had its Twitter password stolen and account hijacked. A number of spam messages were sent from the account earlier today. Some have criticised Twitter for sending affected users a link – a technique often used by phishers to steal credentials.

Twitter password reset fail

But it all turned out to be a Twitter password reset failure. Twitter said it was resetting passwords for a number of users, but did so for more than it planned. It did not say how many were affected.

“We’re committed to keeping Twitter a safe and open community. As part of that commitment, in instances when we believe an account may have been compromised, we reset the password and send an email letting the account owner know this has happened along with information about creating a new password. This is a routine part of our processes to protect our users,” the company explained in a status update.

“In this case, we unintentionally reset passwords of a larger number of accounts, beyond those that we believed to have been compromised. We apologise for any inconvenience or confusion this may have caused.”

Are you a security expert? Find out with our quiz!