Twitter has apologised after telling members their accounts had been hacked and forcing them to reset their passwords.
Twitter sent out a “large number” of emails telling members to change their log-in details, but gave no indication of the cause or source of the compromise, and would not share details of the size of the issue, according to the BBC.
“Twitter believes that your account may have been compromised by a website or service not associated with Twitter. We've reset your password to prevent others from accessing your account,” the emails said.
Some users who received the warning noticed that some of their tweets had been deleted, while others said spam links had been posted without their knowledge, the report said.
However, in a subsequent blog post, Twitter apologised for sending out too many warning notices.
The microblogging site said password resets were a routine part of processes to protect users, but added: “In this case, we unintentionally reset passwords of a larger number of accounts, beyond those that we believed to have been compromised.”
Read more on Twitter compromises
- Twitter users targeted by Blackhole malware
- Twitter spam used to spread rogue security software
- UGNazi hacker group claims responsibility for Twitter outage
Attempts to hack Twitter accounts are common, and are most frequently carried out by spammers, scammers and hackers to spread links to their malicious campaigns.
"In instances when we believe an account may have been compromised, we reset the password and send an email letting the account owner know this has happened along with information about creating a new password," Twitter said.
But the apparent problems with this process are a setback for Twitter and a blow to is reputation for technical competence built up over the past two years, according to the Telegraph.
Twitter initially struggled to cope with its rapid growth and regularly suffered embarrassing outages, but remained online throughout last week’s US election despite the heavy load, the paper said.
In the email warnings, Twitter urged members to choose a strong password such as one with a combination of letters, numbers, and symbols, and to:
- Always check that your browser's address bar is on a https://twitter.com website before entering your password. Phishing sites often look just like Twitter, so check the URL before entering your log-in information!
- Avoid using websites or services that promise to get you lots of followers. These sites have been known to send spam updates and damage user accounts.
- Review your approved connections on your Applications page at https://twitter.com/settings/applications. If you see any applications that you don't recognise, click the Revoke Access button.