You Might Have Gotten An Email From Twitter About Your Account Being Compromised, It’s Real

Keep your eyes peeled, Twitter users: Twitter is sending out emails to some of its users telling them it has reset their password and asking them to create a new one. If you can’t log into your account, that may be why. A lot of users appear to be affected, judging by the number of people tweeting about password problems, British comedy star David Mitchell being one of them.

And yes, TechCrunch’s own account has been compromised, so please don’t click on any links that look like this (update: we’ve now booted out the spammers and regained control of the TC Twitter account).

The cause of the compromise is not described in detail in Twitter’s email; it just says “Twitter believes that your account may have been compromised by a website or service not associated with Twitter”. A blog post by TweetSmarter notes that such emails tend to go out after a large number of accounts are hacked.

If you’re having trouble logging into your Twitter account but can’t see an email in your inbox, don’t forget to check your spam folder in case the email has been filtered out.

We reached out to Twitter for more information on the size of the hack but the company did not provide any info. It did say users who have received emails should reset their passwords (using the password reset link provided), adding that any users who aren’t able to log into their account can go directly to Twitter.com and reset their password in Settings.

Some Twitter users are criticising the company for including a link to change the password in the email, a technique that is often employed by phishing scams to harvest passwords. But heads up guys: this time at least it’s bona fide. Even so, to be really safe, you should not follow the emailed link at all: type twitter.com into your browser yourself, confirm the address bar shows https://twitter.com before entering anything, and reset the password from Settings. That way a lookalike domain in a forged email (one that merely contains “twitter.com” somewhere in the address) can’t catch you out.
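The advice above (and the first bullet in Twitter’s own email below) boils down to one check: is the link’s host really twitter.com, or does “twitter.com” merely appear somewhere in the address? The following is an added example, not code from TechCrunch or Twitter, showing how to make that check properly by parsing the URL and comparing the host exactly, which defeats the usual phishing shapes (twitter.com.example.net, example.net/twitter.com, twitter.com@example.net, a non-https link, and homoglyph hosts). The trusted-host set and the two sample messages are assumptions constructed for the example.

```python
import re
from urllib.parse import urlsplit

# Assumption for this example: the genuine notice links only to https://twitter.com/...,
# so that is the only host treated as trusted.
TRUSTED_HOSTS = {"twitter.com"}

# Crude extractor for http(s) links in a plain-text email body.
URL_RE = re.compile(r"https?://[^\s<>\"'()]+")


def is_trusted_twitter_link(url: str) -> bool:
    """True only for an https URL whose *parsed* host is exactly a trusted host.

    Comparing the parsed host, rather than searching the string for "twitter.com",
    rejects twitter.com.example.net, example.net/twitter.com, twitter.com@example.net,
    plain http:// links, and homoglyphs such as twіtter.com (Cyrillic 'і').
    """
    try:
        parts = urlsplit(url.strip())
        host = parts.hostname        # lower-cased, userinfo and port stripped
        port = parts.port            # raises ValueError on a malformed port
    except ValueError:
        return False
    if parts.scheme != "https" or host is None:
        return False
    if parts.username is not None or parts.password is not None:
        return False                 # https://twitter.com@evil.example/... trick
    if port not in (None, 443):
        return False                 # the genuine reset links carry no port
    return host.rstrip(".") in TRUSTED_HOSTS


def audit_links(message: str) -> list[tuple[str, bool]]:
    """Return every http(s) link found in an email body with its trust verdict."""
    found = []
    for match in URL_RE.finditer(message):
        url = match.group(0).rstrip(".,;:!?")   # drop trailing sentence punctuation
        found.append((url, is_trusted_twitter_link(url)))
    return found


# Constructed samples, not real mail. The first mirrors the links in Twitter's
# notice; the second is the kind of lookalike a phisher would send instead.
GENUINE_NOTICE = """\
You can select a new password at this link:
https://twitter.com/pw_rst/
As always, you can also request a new password from our password-resend page: https://twitter.com/account/resend_password
Review your approved connections on your Applications page at https://twitter.com/settings/applications.
"""

PHISHING_NOTICE = """\
Reset your password now at https://twitter.com.account-verify.example/pw_rst/
or at https://twitter.com@account-verify.example/pw_rst/ (mirror: http://twitter.com/pw_rst/)
"""

if __name__ == "__main__":
    for label, body in (("genuine", GENUINE_NOTICE), ("phishing", PHISHING_NOTICE)):
        for url, ok in audit_links(body):
            print(f"{label:9} {'TRUSTED  ' if ok else 'UNTRUSTED'} {url}")
```

Run it and every link in the phishing sample is flagged even though each one contains the literal text “twitter.com”, which is exactly the substring check a hurried reader (or a naive mail filter) performs. The same comparison against the browser’s address bar is what Twitter’s email asks you to do by eye.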

(And in future let’s hope Twitter deploys two-factor authentication to bolster account security — a la Gmail, Dropbox etc.)

Here’s the full text of the email potentially compromised users are receiving:

Hi, [name]

Twitter believes that your account may have been compromised by a website or service not associated with Twitter. We’ve reset your password to prevent others from accessing your account.

You’ll need to create a new password for your Twitter account. You can select a new password at this link:
https://twitter.com/pw_rst/

As always, you can also request a new password from our password-resend page: https://twitter.com/account/resend_password

Please don’t reuse your old password and be sure to choose a strong password (such as one with a combination of letters, numbers, and symbols).

In general, be sure to:

  • Always check that your browser’s address bar is on a https://twitter.com website before entering your password. Phishing sites often look just like Twitter, so check the URL before entering your login information!
  • Avoid using websites or services that promise to get you lots of followers. These sites have been known to send spam updates and damage user accounts.
  • Review your approved connections on your Applications page at https://twitter.com/settings/applications. If you see any applications that you don’t recognize, click the Revoke Access button.

For more information, visit our help page for hacked or compromised accounts.

The Twitter Team

Update: Since posting this story, lots of people have tweeted us to confirm they have received Twitter’s notification to change their password.

UPDATE: Twitter has given us a statement on the situation.