Twitter resets unknown number of passwords after apparent security breach (update)

A number of Twitter users have been asked to change their passwords after a potential security compromise. Earlier this morning, TechCrunch posted one such email, which says that "Twitter believes that your account may have been compromised by a website or service not associated with Twitter." Since then, we've seen numerous mentions of the email on Twitter, along with people claiming that their accounts have been hacked. To make things worse, suspicious messages started showing up on the TechCrunch Twitter feed soon after it posted about the issue, though they were quickly removed.


Unfortunately, with only public responses to go by, we have little sense of how widespread this problem could be. Twitter hasn't clarified the source of the breach, but it's possible that a third-party tool was compromised in a way that exposed passwords, rather than the easily-revoked third-party authorization codes that have been leaked in previous hacks. We've reached out to Twitter for comment; meanwhile, users may want to check their email and see if they could be affected.

Update: Twitter has posted an update on its status page, saying that some of the emails were sent by mistake. "We unintentionally reset passwords of a larger number of accounts, beyond those that we believed to have been compromised," it says. "We apologize for any inconvenience or confusion this may have caused." There seem to have been legitimate compromises, but the incident now seems much more routine, and many users who were notified aren't in any danger — though they'll have to change their passwords in any case.