There are reports coming in regarding Twitter forcing people to update their passwords. The reason: real or potential Twitter phishing attacks. Many people are talking about seeing an email from Twitter that reads:
Due to concern that your account may have been compromised in a phishing attack that took place off-Twitter, your password was reset.
At this time there is no confirmed threat, but it appears that, if nothing else, Twitter is taking a proactive role in helping to reduce and/or pre-emptively kill any phishing attempt that may be occurring. Even if Twitter hasn’t changed your password and/or you’re not affected by this possible phishing attack, we recommend the following course of action for increased security:
- Change your password. Make sure to use a good mix of letters and numbers.
- Review and rethink any third-party services you’ve allowed in your Twitter Connections setting.
It’s also a good time to go through your followers (and those you’re following) and check for spammy and/or suspect accounts. Things to look for in these types of accounts include, but aren’t limited to:
- Very few, if any, tweets. Ever.
- No tweets in the last
- Following thousands but followed by few.
- The same kinds of tweets sent out over and over and over.
We will report on this issue again as we find out more details. For more tips on staying secure on Twitter, check out our blog post “Six Secrets of a Safe Twitter Account.”
UPDATE: Twitter addresses the password resets with their status update entitled Reason #4132 for Changing Your Password.