Twitter users were even more confused Thursday on news that they may have had their passwords reset without cause, after receiving e-mails from the social media site warning them their account had a security breach.
Twitter has now officially responded to let users know not everyone who got a warning e-mail was the victim of an attack, but there’s still no way to tell who was and who wasn’t targeted.
The size of the breach is at this point unknown.
The statement reads: “In instances when we believe an account may have been compromised, we reset the password and send an e-mail letting the account owner know this has happened...
“In this case, we unintentionally reset passwords of a larger number of accounts, beyond those that we believed to have been compromised.”
The statement offers no help identifying the accounts that were “compromised,” so the safest course if you get one of these e-mails should be to heed its warning.
The e-mails include a link to the Twitter password reset page, but directing users to click on such links is also a common tactic employed by phishing scams.
To safely reset your password go log in to Twitter.com , click to Settings (found under the gear-shaped button), and complete the reset under the Password screen (just below Account on the left-hand menu). The iOS and Android Twitter apps do not allow you to change passwords, you have to go to the website.
If you use your Twitter password on any of your other online accounts, it’s still important to go change those as well – and for the love of Pete don’t use the same password on all your online accounts. As many discovered during the LinkedIn password breach, passwords are currency in the dark-net world of hacking and spammers, and if you’re not careful a breach can offer up scary access to your whole online life. Google’s Gmail blog has a decent description of how to make safe passwords, and Twitter has its own account security page.