Twitter apologises for mass password reset error

Many Twitter users were confused and alarmed this morning by an email from the service saying that their accounts had been “compromised” and forcing them to change their passwords.

An unusually large number of people, including several celebrities and tech reporters, had received the email, but many saw no evidence of any sort of hacking. Some panicked that the message from Twitter was itself a phishing attack.

Phishing messages, @reply spam and follower-building apps have long been a low-level problem for Twitter, which has worked to improve the security and spam filters on its site.

But it turns out that this time, it was Twitter itself indiscriminately sending unsolicited messages to large numbers of recipients.

After TechCrunch (whose account was hijacked) and others covered the warnings, Twitter responded with a statement saying that the mass password reset was, in fact, an error on its part.

Here’s the full statement:

We’re committed to keeping Twitter a safe and open community. As part of that commitment, in instances when we believe an account may have been compromised, we reset the password and send an email letting the account owner know this has happened along with information about creating a new password. This is a routine part of our processes to protect our users.

In this case, we unintentionally reset passwords of a larger number of accounts, beyond those that we believed to have been compromised. We apologize for any inconvenience or confusion this may have caused.

Twitter did take the opportunity to remind its users to change their passwords regularly to keep their accounts secure. And if someone sends a direct message warning a user that he or she has been mentioned in “serious gossip” or that people are “saying bad things about you”, it’s probably a trick – don’t click the link.