Thousands of Twitter users have been warned that their accounts may have been hacked – but the social network site has admitted to over-reacting by resetting far too many passwords in a bid to protect users.
The situation is compounded by the fact that some users think that the email from Twitter is a phishing scam and are failing to change their passwords.
The move follows a major phishing attack on the site on Wednesday night, which used phrases like “serious gossip” or “that video” or “saying bad things [about you]” with a link to a phishing or malware site. Clicking on the link could infect users’ machines, triggering more messages on their accounts and starting the process all over again.
Twitter has not said how many accounts were hit. The company has more than 500m active users, and saw one of its busiest days ever on Tuesday when Barack Obama was re-elected US President.
The valid emails begin “Twitter believes that your account may have been compromised by a website or service not associated with Twitter. We’ve reset your password to prevent others from accessing your account.”
Many users have reported receiving the email and having password problems, including high profile users such as British actor David Mitchell, Wall Street Journal’s social media director Liz Heron and technology news site TechCrunch.
Both TechCrunch and Australian winemaking company WineWorks Australia were warning users not to open spam tweets that had appeared on their accounts.
