It’s never a good feeling to have a “Sorry, your login credentials just exploded so hard aliens in another galaxy will put up a quarantine zone around your solar system” mail, which is pretty bad considering I had one of these staring me in the face earlier today:
Twitter believes that your account may have been compromised by a website or service not associated with Twitter. We’ve reset your password to prevent others from accessing your account.
Despite the email being genuine and not a phish (though Twitter lose points for sending out clickable links, given that would be the tactic of choice for a phisher) I thought it was a little strange considering I don’t use dubious apps, I never randomly click links while hoping I end up on the site I intend to visit and my password is a 100 character monstrosity bolted up behind a password manager stored in a thing (technical term).
My co-blogger also had one of these arrive in her mailbox and reset the password, only to find a second mail claiming there’d been another compromise about 40 minutes later. Rumours started to circulate regarding a possible China-themed day at the races, and just to confuse things further there were way too many people receiving these mails while failing to send any spam links either publicly or privately, which made the whole episode rather bizarre.
Sure enough, it has now come to light that Twitter made a mistake and fired out way too many reset mails to people with perfectly safe accounts:
In this case, we unintentionally reset passwords of a larger number of accounts, beyond those that we believed to have been compromised. We apologize for any inconvenience or confusion this may have caused.
So there we have it, no mass hack (just a regular set of compromised accounts that turned into an email deluge) and everybody can go back to posting up pictures of sandwiches or cats or whatever. Even if your account hasn’t been compromised, you may still want to review the Twitter safety page for invaluable tips on how to avoid sending out exotic herbal remedy spam to all of your followers. This one may have been a false alarm, but there’s still a fair amount of rogue links, spam and phish attacks waiting to pounce.
Christopher Boyd