Twitter has sent out emails asking several of its users (the total number is unclear at this point) to change their passwords. “Twitter believes that your account may have been compromised by a website or service not associated with Twitter,” the email says. Twitter doesn’t specifically say how a user’s account may have been hijacked, but I myself have noticed several phishing scams going around via direct message recently.
“Check out my Halloween video,” one message reads, with a link to Facebook. “Just what exactly you’re doing in our film,” another says, again with a link to Facebook. It appears that my friend’s account was infected, likely after he was tricked into clicking those links.
Twitter hasn’t made a public statement yet, but we advise you to follow instructions on changing your password if the social network sends you a warning… especially considering more than 55,000 accounts were compromised after the service was hacked in May.
Update: Twitter said it was unintentional, despite our own run-ins with apparent phishing attacks. Here’s the full statement:
We’re committed to keeping Twitter a safe and open community. As part of that commitment, in instances when we believe an account may have been compromised, we reset the password and send an email letting the account owner know this has happened along with information about creating a new password. This is a routine part of our processes to protect our users.
In this case, we unintentionally reset passwords of a larger number of accounts, beyond those that we believed to have been compromised. We apologize for any inconvenience or confusion this may have caused.