Twitter hasn’t confirmed the scope of the breach, but said users who received emails should go to the link and reset their passwords.
While Carolyn Penner, a spokeswoman for Twitter, told Reuters there had not been a security breach, a number of users said they believe their accounts had been hacked.
Twitter also said that if users can’t log onto their accounts, they should go to the twitter.com site and click on "settings." The Android Twitter and iOS apps do not permit you to change passwords, so you must go to the website.
Many Twitter users got this message in their emails Thursday morning: “Twitter believes that your account may have been compromised by a website or service not associated with Twitter. We’ve reset your password to prevent others from accessing your account.”
The message goes on to instruct the individual to change the password and cautions the user about what kind of passwords they should be using (i.e., not old ones).
Users are also asked to:
- Always check that your browser’s address bar is on an https://twitter.com website before entering your password. Phishing sites often look just like Twitter, so check the URL before entering your login information.
- Avoid using websites or services that promise to get you lots of followers. These sites have been known to send spam updates and damage user accounts.
- Review your approved connections on your applications page at https://twitter.com/settings/applications. If you see any applications that you don’t recognize, click the "revoke access" button.
Twitter acknowledges possible breaches
Because Twitter hasn’t posted any statements about the breach itself, many users were skeptical about the email message.
To clear up the confusion, Twitter posted this statement on its status page – owning up to the fact that it believed accounts had been breached, and that it had gone ahead and created new passwords for users.
"We’re committed to keeping Twitter a safe and open community. As part of that commitment, in instances when we believe an account may have been compromised, we reset the password and send an email letting the account owner know this has happened along with information about creating a new password. This is a routine part of our processes to protect our users.
"In this case, we unintentionally reset passwords of a larger number of accounts, beyond those that we believed to have been compromised. We apologize for any inconvenience or confusion this may have caused."
In other words, your account may or may not have been compromised, but the bottom line remains the same: Reset your password.
If you want to play it safe, don’t click on the link to the password page. Type it out yourself — that way you can be sure you’re not being redirected to a fake page.