An administrative error, not a wide-scale security attack, caused Twitter to reset passwords, the company stated
A compromised account prompted Twitter to change a certain number of passwords, though the company accidentally reset the passwords of a larger number of users than it needed to, according to a statement the company issued Thursday on its status page. A company spokeswoman declined to provide additional information about the situation.
“In this case, we unintentionally reset passwords of a larger number of accounts, beyond those that we believed to have been compromised,” the statement read. Twitter provided no details as to how many of its 500 million users were required to reset their passwords.
Email from Twitter was sent to some users early Thursday morning, Eastern Time. “Twitter believes that your account may have been compromised by a website or service not associated with Twitter. We’ve reset your password to prevent others from accessing your account,” the email read.
The notice left many users perplexed as to whether it was a real request or a forgery from online tricksters. Initially, Twitter offered no additional information on its status page or company blog about the email and what prompted it. A Twitter representative offered no additional information beyond an update posted late morning EST on its status page.
The email provided a link to an SSL (Secure Sockets Layer) password reset page on Twitter, as well as to a page where users could check which third-party applications have access to their Twitter accounts. The reset page would not let users reuse their old passwords. Twitter provides access to third-party applications with the permission of its users.