Twitter Phishing Attack Forces Users to Reset Passwords

Twitter has apparently forced some users to reset their passwords after a phishing attack, and urged users to choose hard-to-guess passwords and be on the lookout for suspicious third-party activity.

Scottish blogger Andrew Girdwood was among those who reported receiving a message that states "Due to concern that your account may have been compromised in a phishing attack that took place off-Twitter, your password was reset. Please create a new password by opening this link in your browser. … Remember to choose a strong password that is a combination of letters, numbers, and symbols. Do not reuse your old password."

Twitter acknowledged the password reset, describing it as a "precautionary step," but did not say how many users were affected or describe the nature of the phishing attack.

Twitter's official "safety" account issued a tweet saying "Got an email from us saying we've reset your password? A small # of accts seemed possibly affected offsite & we took a precautionary step." Previous tweets from this account offer advice for avoiding attacks, such as "Giving out your username & password to a 3rd party site promising you more followers: not a good idea AND a violation of the Twitter Rules."

Twitter's message to users urged them to remove any updates they did not post themselves; scan their computers for viruses and malware; and check the Twitter connections page and revoke access privileges for any third-party applications they do not recognize.

Twitter has become a magnet for computer hackers because of its increasing popularity, with reports of malware and spam on social networks rising 70% in the last 12 months.

Follow Jon Brodkin on Twitter: www.twitter.com/jbrodkin
