The Inquirer-Home

Twitter sends password reset emails by mistake, admits it wasn't hacked

Nothing to see here
Tue Mar 04 2014, 09:18
Twitter has not been hacked

SOCIAL NETWORK Twitter sent a number of password reset emails on Monday evening due to a system error.

The firm contacted users with the sort of messages usually seen when attackers are taking over accounts.

Twitter's email has been shared on the microblogging website, of course, and picked up by the Recode website. The missive presented itself as one of those 'you've been hacked' emails, and informed users about their scorched logins.

"Twitter believes that your account may have been compromised by a website or service not associated with Twitter," it said. "We've reset your password to prevent accessing your account."

Users took to Twitter to fret about the email, and a search on "Twitter hack" turns up a range of panicked missives and messages of thanks to Twitter for its speedy intervention.

Later though, in a statement to Recode, the firm admitted that it had been the victim of nothing more than a system error.

"We unintentionally sent some password reset notices tonight due to a system error," it said. "We apologise to the affected users for the inconvenience."

Users could not be blamed to worrying about the phantom attack, as we have already seen a large number of security breaches this year already.

Last month a docket of 350 million internet user credentials was discovered online, and in the last few weeks we have seen firms including Kickstarter, Tesco, Target, Yahoo and Snapchat admit to having been attacked.

A little over a year ago we were at Twitter learning about an attack that took some 250,000 user credentials.

"This week, we detected unusual access patterns that led to us identifying unauthorised access attempts to Twitter user data," explained Bob Lord, director of Information Security at Twitter then.

"Our investigation has thus far indicated that the attackers may have had access to limited user information - usernames, email addresses, session tokens and encrypted/salted versions of passwords - for approximately 250,000 users."

Then Twitter reminded users to adopt good security practices. µ


Share this:

blog comments powered by Disqus
Subscribe to INQ newsletters

Sign up for INQbot – a weekly roundup of the best from the INQ

INQ Poll

Happy new year!

What tech are you most looking forward to in 2015