Twitter Password Reset Goes Too Far
Image: The Twitter 'fail whale' error message, created by Australian artist Yiying Lu. Credit: Twitter/Yiying Lu
In an attempt to spare a few users from a security threat, Twitter unintentionally reset the passwords of far more users, leading some of them to suspect a scam.
"We unintentionally reset passwords of a larger number of accounts, beyond those that we believed to have been compromised," Twitter announced in a status notification late this morning (Nov. 8). "When we believe an account may have been compromised, we reset the password and send an email letting the account owner know this has happened, along with information about creating a new password."
Twitter hasn't revealed the reason behind its botched password reset or why it believed certain accounts were compromised.
After spam from @techcrunch started showing up in followers' feeds, TechCrunch confirmed that its Twitter account had been compromised. It’s unclear, however, whether the events were related.
"Twitter believes that your account may have been compromised by a website or service not associated with Twitter," reads the official Twitter email with the link for users to reset their password.
Users pointed out that even though the email was legitimate, it could appear to be a phishing scam, or could even serve as cover for criminals to exploit Twitter users without needing to post a fake warning of their own.
Despite a large number of reports of people receiving the warning or being unable to log into their accounts, Twitter said very few of its more than 140 million members were affected.