Following legitimate hacks into some Twitter accounts, the site ended up mistakenly sending password reset e-mails to a large number of unaffected users as well, according to Twitter’s status blog.
This morning TechCrunch’s Twitter account was hacked, along with those of high-profile users like comedian David Mitchell. Twitter typically manually resets passwords for hacked accounts, but this time it looks like it went a bit overboard and reset passwords for unaffected users as well. Some of our writers at VentureBeat also received the reset e-mails, and they confirmed that they weren’t able to log back into the service without changing their passwords.
It’s never a bad idea to change your password often, so it’s hard to blame Twitter for overreacting. It’s certainly better than being slow to respond to the hacks in the first place.
We’ve asked Twitter for more details on the hacks and will update when we hear back. For now, don’t fret.
See the full message from Twitter below:
We’re committed to keeping Twitter a safe and open community. As part of that commitment, in instances when we believe an account may have been compromised, we reset the password and send an email letting the account owner know this has happened along with information about creating a new password. This is a routine part of our processes to protect our users.
In this case, we unintentionally reset passwords of a larger number of accounts, beyond those that we believed to have been compromised. We apologize for any inconvenience or confusion this may have caused.
As always, we recommend that people review these tips on how to keep their Twitter accounts secure: https://support.twitter.com/articles/76036-keeping-your-account-secure#