When I received an e-mail recently with the subject, “Please change your twitter password,” supposedly from the popular social network, I was suspicious. After all, many scammers seeking to seize sensitive information make similar claims.
Nonetheless, I read the e-mail, which began:
Due to concern that your account may have been compromised in a phishing attack that took place off-Twitter, your password was reset. Please create a new password by opening this link in your browser: [with a link here]
This will reset your password. Remember to choose a strong password that is a combination of letters, numbers, and symbols. Do not reuse your old password.
Although everything looked legitimate, I remained skeptical about its authenticity.
So I decided that, rather than clicking any of the links, I would attempt to log in to my Twitter accounts. One of my accounts made me change my password immediately, which seemed to confirm the contents of the note.
Since then I have read Internet reports confirming the authenticity of the e-mail.
John Paczkowski of All Things Digital received the following statement from Twitter:
As part of Twitter’s ongoing security efforts, we reset passwords for a small number of accounts that we believe may have been compromised offsite. In one case, a number of accounts posted updates indicative of giving their username and password to untrusted third parties. While we’re still investigating and ensuring that the appropriate parties are notified, we do believe that the steps we’ve taken should ensure user safety. We’ll continue to provide updates as warranted at @safety and @spam. We do, as always, encourage our users to read our help pages on what to do if your account is compromised: http://twitter.zendesk.com/forums/10713/entries/31796 and how to stay safe on Twitter: http://twitter.zendesk.com/forums/10711/entries/76036.
It is important to remember that if you ever receive an e-mail that does not seem right, or that you are suspicious of, you should not click any links in it. I would recommend verifying the information in the e-mail by accessing the site directly rather than clicking a link. If you have further issues, I would recommend attempting to contact the respective company or organization directly.
This is also a good time to remember the importance of having strong passwords that contain special characters and are unique to each account.






This might have caused the security failure. I believe that after a certain period of time everyone should have changed their password to ensure safety.
Comment by 32gb micro sd — February 8th, 2010 @ 4:50 am
People that tweet need a life
Comment by Trollinginconnecticut — February 22nd, 2010 @ 11:24 am