Take it from someone who knows, as last night before getting my beauty sleep I got 10 emails from Twitter. They read something like this:
Hey there.
Due to concern that your account may have been compromised in a phishing attack that took place off-Twitter, your password was reset. Please create a new password by opening this link in your browser:
It had a link to go reset my password so in the interest of security, I did as they recommended. However, even after doing so, I kept receiving the emails for a bit. While walking by my “office” I noticed my Tweetdeck application had a message on the screen stating I had reset my password and to re-enter. I thought this was odd, since I had not reset this particular password … hmmm, strange. I got a bit concerned so I went to the Twitter web page to reset my password. However, this led me nowhere. When I entered my email address to reset my password I got this lovely message:
Locked out!
We’ve temporarily locked your ability to reset passwords. Please chillax for a few, then try again.
That’s reassuring, isn’t it? So I can only assume Twitter had some sort of security breach as I DID NOT respond to any phishing emails … I think someone over there needs to come clean, as there are others having the same issues according to this post over at CenterNetworks.
Since I have multiple Twitter accounts I was able to log in and open a support ticket, but I am not too confident in a quick resolution for some reason.
Anyone else out there having these issues? We would love to hear about them, drop a comment below.
UPDATE: Well, I wanted to report back. I got my support case answered. This was the reason my account password was reset:
We reset your password because your account is hooked up to “get followers” programs which are against the Twitter Rules (http://help.twitter.com/forums/26257/entries/18311) and Automation Rules and Best Practices (http://help.twitter.com/forums/10711/entries/76915). You should have gotten an e-mail regarding this, I think.
I am not sure what this exactly means (in all fairness I have not read the above links) but in any case I did not think I was part of any “get followers” scam. Honestly, those who know me best know that I actually eschew followers
I discourage followers! In any case, with the help of a good rep, his name was tiger (I won't touch that one), he helped me reset my password and I am back.
The one thing that does bother me though still is the fact that I supposedly was sent an email detailing my infractions? Never got one. And it all just seemed very suspicious last night on the heels of all the phishing emails etc.
Any other updates from you all?
UPDATE 2: Well I would like to tell you all of this nonsense is over … but alas I cannot. Starting about 20 minutes ago, I started receiving the rash emails saying I need to go reset my password, here it is
Due to concern that your account may have been compromised in a phishing attack that took place off-Twitter, your password was reset. Please create a new password by opening this link in your browser:
This will reset your password. Remember to choose a strong password that is a combination of letters, numbers, and symbols. Do not reuse your old password.
As a reminder, you should be extraordinarily suspicious of any third party that offers to artificially inflate your follower count. We do not endorse any of these sites.
Please make sure to:
- Scan your computers for viruses / malware, especially if unauthorized tweets continue to be posted in your accounts even after you’ve changed the password.
- Check the Connections page at http://twitter.com/account/connections and revoke the access privileges of any third party applications that you do not recognize.
- Avoid providing your username and/or e-mail and password to untrusted third-party sites.
- Remove any updates that you did not post personally; leaving these updates can result in your account being re-suspended.
You can also visit our help page for hacked or compromised accounts
Seriously, WTF is going on here. I have disabled ALL third party applications and reset my password. This is getting very, very old, Twitter. It seems like there is something really amiss over there and they need to communicate.










{ 20 comments… read them below or add one }
Had the same issue last night – and when I initially tried to change my password, it didn't work. I also kept getting the same email – 12 of them! Finally, I was able to get things changed and set this morning.
Thanks Jane! Hopefully I can get things resolved as well….
I just can't get to the reset stage … I get that locked out msg, been getting that since last night.
I had the same thing – I turned off all of my twitter clients, mobile and desktop and waited a few hours to retry. Good luck!
I didn't get the emails but I kept getting the message that Twitter wasn't available.
I'm confused – you say you "did as they recommended" in regards to the email containing a password reset link, but then emphatically state that you did not respond to any phishing emails. Are you sure?
Hi Bob
The emails I got were for another twitter account, but I verified their links.
The account I am locked out of I never got an email for, that's why I was saying I did not respond to any emails about it.
Ahh, okay. I figured I was missing something – thanks for the clarification.
wow! I wonder what is going on. Thanks for the link – I doubt that Twitter will say anything about the issue.
I think you probably didn't verify so well. If you get an email like that, open another browser and go find the password reset manually. Following any link is asking to get phished. There are plenty of ways to make the link appear to be a legitimate URL while it's actually sending you elsewhere.
Thanks BigOldGeek, but I work in the field and am well aware of the measures to take. I checked everything was good. In the end it turned out to be a coincidence, but thanks for the vote of confidence.
No offense intended but your reply makes me even more suspicious. If you opened a different browser window from scratch so it didn't share the thread with the current one and copied the link carefully, pasting it in and checking for "typos" before hitting enter or better, doing what I suggested above, then you probably did verify it well enough.
If you clicked on it and just trusted your skills to detect a bogus link or some phishing detector then you probably blew it.
I'm in the industry 25 years now and I know there are bad guys cleverer than me – Plenty of them since I have to do all sorts of things in addition to security. Overconfidence is the enemy.
This password issue isn't new, but the email that you've described is.
See Richard's (Tweetdeck dev team) from 11/13/2009:
http://support.tweetdeck.com/forums/60463/entries...
For those deciding not to click through, it's a problem with the password change getting pushed out to the API, which affects anyone using a 3rd party client (Tweetdeck, Tweetie, etc.) to connect to Twitter.
While you're chillaxin', log out of your third party apps. All of 'em. After you're done chillaxin', go back to Twitter.com, log in, and choose a new password before you go to bed. Wake up the next morning, log in to Twitter.com, then launch your 3rd party app.
@malbiniak seyz #beerme
Just started getting the email again – 10 so far. Was just able to change again, but this is getting ridiculous.
Again?!!? Are you serious?!
Yeah, it is getting crazy. The twitter rep helping me out is great (Hi tiger) but he says someone is still attempting to access my account. I have all third party apps cut off, etc. But as I said, if you look at this http://bit.ly/6uvPR5, it appears to be pretty widespread, yet has not bubbled up to a tipping point yet.
Got one and changed my password, then 9 more and had to change again. Grrrrrr.
Anyway – Happy New Year!
I am not surprised at this, twitter didn't give me access to my account on a few occasions.
I'm getting this on a work account. We use no 3rd party apps, have received no phishing emails, didn't click that link in the email that was supposedly from Twitter, but was locked out of my account and reset manually. Twice. I used not only different browsers, but different computers to do so. And yet I'm still getting these emails over and over.
What are the odds of this being a Twitter glitch?
I got the e-mail once and ignored it. Not seen any problems.
My twitter page is doing the same thing… but how can I get it to log me on? Also, I don't use twitter on the phone, only a laptop, so I don't know if I have any messages. All I know is that it won't let me log in or change my password, and it won't send the info to change my e-mail, and it says I'm locked out… PLZ HELP ME