When Twitter believes an account has been compromised, it resets the user’s password and sends a notification by email. This time, however, the company says it accidentally reset passwords for more accounts than it needed to.
“We apologize for any inconvenience or confusion this may have caused,” Twitter said in a statement.
Even so, the security breach was real, at least to some extent. TechCrunch, for instance, was compromised, and posted a spam work-at-home advertisement to its feed Thursday. Twitter hasn’t given any sense of how widespread the actual security breach was.
Protect your Twitter account
Because the password reset is mandatory, no further action is necessary to secure your account if you’ve received an email from Twitter. It may be a good idea, however, to check over your feed for spam and delete any offending posts.
Now’s also a good time to make sure you have a strong password, rather than a terrible one. You can also check on your Twitter app permissions. To this, head to “Settings” in the drop-down menu at the upper-right corner of Twitter.com, click on “Apps” in the left sidebar, and click “Revoke access” for any third-party apps you don’t use.
This isn’t the first time Twitter has dealt with security issues. In May, hackers posted credentials for 50,000 Twitter accounts to the internet. One month later, a group claiming to be LulzSec Reborn posted 10,000 usernames and passwordsonline. Lady Gaga, one of the most popular users on Twitter, was hacked last December.
Because no online service is safe from security breaches, it’s a good idea to set separate passwords for each, or use password management tools, so you won’t have to lock down dozens of services whenever one of them is compromised.