Twitter’s Response To Compromised Account Situation: Accounts Were Compromised, But We Reset Too Many Passwords

Twitter has responded to us with a statement regarding the password reset situation.

For those of you just waking up or catching wind of this, a lot of folks have been reporting that their account password has been reset because it was compromised.

As the Twitter team woke up here in the U.S., they were indeed quick to respond.

Here is their statement in full:

We’re committed to keeping Twitter a safe and open community. As part of that commitment, in instances when we believe an account may have been compromised, we reset the password and send an email letting the account owner know this has happened along with information about creating a new password. This is a routine part of our processes to protect our users.

In this case, we unintentionally reset passwords of a larger number of accounts, beyond those that we believed to have been compromised. We apologize for any inconvenience or confusion this may have caused.

As always, we recommend that people review these tips on how to keep their Twitter accounts secure:
https://support.twitter.com/articles/76036-keeping-your-account-secure#

Check out their status blog for more details.

Twitter really needs to get two-factor authentication quickly; here’s what the company had to say about that.

Were accounts compromised? Yes, absolutely. Ours was. Was everyone’s compromised? Twitter says no right now. This is once again a very complex and confusing situation for users. Don’t risk it, change your password. If you use your Twitter password for anything else on the web, it would be wise to change it there today as well. Let your bosses know that you need an hour break for security purposes and try to remember where all of your footprints are on the web.

How did this all happen? Does Twitter not store passwords securely, as hashes? We don’t know this yet but are investigating the matter. Stay tuned please.

This is developing.