Millions of users of the popular microblogging social network Twitter may have inadvertently been affected by the site's effort to deter a potential security threat.
A large number of Twitter users recently received an email from the site saying that it had automatically reset their passwords, after many - including some well-known accounts - may have been compromised, according to a report from ABC News. This was a relatively simple, if annoying, process for the affected users.
However, the company also admitted that it may have forced more people than was necessary to go through the process, the report said. The forced resets reached more accounts than just those that were compromised, and the company says that the problem wasn't the result of a hacking attack or other type of security breach.
"In this case, we unintentionally reset passwords of a larger number of accounts, beyond those that we believed to have been compromised," Twitter spokeswoman Carolyn Penner told the news agency. "We apologize for any inconvenience or confusion this may have caused."
The company also warned users that in many cases, hackers send bogus emails that look legitimate, and direct users to attack sites that are used to steal their account data, the report said. To be sure that this doesn't happen when they receive such an email, users are encouraged to copy and paste the URL in such a message into the address bar for their Web browser to see whether it actually directs them to a twitter.com address.
Meanwhile, the company is now under fire from more than just the perturbed users who had to reset their passwords, the report said. In addition, many Web security experts say that the social network needs to do more to increase the safety of users' accounts, which should include two-factor authentication. Twitter, for its part, says it has explored such an option, but for now will stick with using HTTPS.
Ondrej Krehel, the chief information security officer for IDentity Theft 911, has a blog about the ways in which hackers might try to access users' online accounts for various reasons, and the ways in which both companies and consumers can increase protections in this area.