Update: Twitter suffers widespread password security breach
Twitter has sent emails asking some users to change their passwords, many reports of compromised accounts
By Mary-Ann Russon | Techworld | Published: 18:11, 08 November 2012
UPDATE: Twitter have confirmed on their blog that on top of the fact that some users' accounts have been compromised and are currently posting spam tweets, other accounts have had their passwords reset this morning by mistake:
"In this case, we unintentionally reset passwords of a larger number of accounts, beyond those that we believed to have been compromised. We apologize for any inconvenience or confusion this may have caused."
Twitter has suffered a widespread security breach that has prevented some users from accessing their accounts.
Related Articles on Techworld
Users of compromised accounts have also been emailed by Twitter asking them to change their passwords.
The email says:
"Twitter believes that your account may have been compromised by a website or service not associated with Twitter. We’ve reset your password to prevent others from accessing your account.
You’ll need to create a new password for your Twitter account. You can select a new password at this link:
As always, you can also request a new password from our password-resend page: https://twitter.com/account/resend_password"
The Twittersphere has been aflutter with many users reporting receipt of the email and having password problems, including high profile users such as British actor David Mitchell (@RealDMitchell), Wall Street Journal's social media director Liz Heron (@lheron) and technology news site TechCrunch (@TechCrunch).
The hack seems to have affected users to different degrees. While David Mitchell reported that one of his tweets had mysteriously disappeared, both TechCrunch and Australian winemaking company WineWorks Australia (@WineworksAUS) were warning users not to open spam tweets that had appeared on their accounts.
While TechCrunch confirmed that they had managed to boot out the "spammers" and regain control of their account, the problem is still continuing for some users.
On our end, Computerworld UK's main Twitter account and one of our journalists did receive the email this morning and we had to reset our passwords to access our Twitter accounts, but we have not seen any spam.
Twitter is still dealing with the situation, which is compounded by the fact that some users think that the email from Twitter is a phishing scam and are failing to change their passwords.
According to reports, very little information is currently available and Twitter has only responded so far to a question about two-factor authentication:
"We’ve certainly explored two-factor authentication among other security measures, and we continue to introduce features, such as https, to help users keep their accounts secure. This support article and this blog post offer additional information and tips."