Every once in a while, we go through this. For one reason or another, Twitter asks you to reset your password. Typically, they only send out emails asking you to do this when the situation’s gotten pretty widespread, and per TechCrunch, that is exactly the case with Twitter’s last set of emails.
Here is a copy of what the email looks like:
Twitter believes that your account may have been compromised by a website or service not associated with Twitter. We’ve reset your password to prevent others from accessing your account.
You’ll need to create a new password for your Twitter account. You can select a new password at this link:
As always, you can also request a new password from our password-resend page: https://twitter.com/account/resend_password
Please don’t reuse your old password and be sure to choose a strong password (such as one with a combination of letters, numbers, and symbols).
In general, be sure to:
- Always check that your browser’s address bar is on a https://twitter.com website before entering your password. Phishing sites often look just like Twitter, so check the URL before entering your login information!
- Avoid using websites or services that promise to get you lots of followers. These sites have been known to send spam updates and damage user accounts.
- Review your approved connections on your Applications page at https://twitter.com/settings/applications. If you see any applications that you don’t recognize, click the Revoke Access button.
For more information, visit our help page for hacked or compromised accounts.
The Twitter Team
The first thing that jumps out at me is: why the hell is Twitter sending out emails with links to reset your password? That’s like the phishing-est phish that ever phished a phish.
But what caused this problem in the first place? Well, Twitter’s servers might have gotten hacked or something like that. But that is probably the least likely scenario.
The simplest answer is that some very popular web service that uses Twitter login was compromised. If you use Twitter to log into, say, Huffington Post and they subsequently get hacked, the permission you gave them to your account may be sufficient to allow the attacker to tweet or DM on your behalf.
Another possibility is that a widespread dupe site, such as those that fool users with “vanity phishing” DMs, may have gotten particularly active.
Regardless of whether this is an internal or external problem for Twitter, it is probably in your best interest to reset your password, even if you haven’t gotten the email.
AND EVEN IF THIS EMAIL IS LEGITIMATE, NEVER, NEVER, NEVER CLICK LINKS IN EMAIL! Go to Twitter directly and reset your own password. Email links are just way, way too dangerous.
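The address-bar check the email recommends, written out as code to show why a link that merely contains "twitter.com" proves nothing. This is an added example, not part of the original post or anything Twitter ships; the function names, the lookalike links, and the choice to accept subdomains of twitter.com are assumptions.

```javascript
// Added example. The trusted host is the one named in the email; accepting
// subdomains of twitter.com is an assumption of this sketch.
const TRUSTED_HOST = "twitter.com";

// Classify one link the way a browser would resolve it (WHATWG URL parsing).
function classifyLink(raw) {
  let url;
  try {
    url = new URL(raw);
  } catch (err) {
    return "unparseable";
  }
  if (url.protocol !== "https:") return "not-https";
  // "https://twitter.com@login.example/" really connects to login.example.
  if (url.username !== "" || url.password !== "") return "userinfo-trick";
  const host = url.hostname.replace(/\.$/, ""); // drop a trailing root dot
  // URL() converts lookalike Unicode letters into punycode ("xn--") labels.
  if (host.split(".").some((label) => label.startsWith("xn--"))) {
    return "punycode-lookalike";
  }
  if (host === TRUSTED_HOST || host.endsWith("." + TRUSTED_HOST)) return "trusted";
  return "wrong-host";
}

// Pull every http(s) link out of an email body and classify each one.
function auditEmail(body) {
  const links = body.match(/https?:\/\/[^\s<>"']+/g) || [];
  return links.map((link) => ({ link, verdict: classifyLink(link) }));
}

// Constructed sample body: the first two paths are quoted in the email above,
// the rest are made-up lookalikes on reserved .example domains.
const SAMPLE_BODY = [
  "https://twitter.com/account/resend_password",
  "https://twitter.com/settings/applications",
  "http://twitter.com/account/resend_password",
  "https://twitter.com.reset.example/account/resend_password",
  "https://twitter.com@login.example/reset",
  "https://tw\u0456tter.com/reset", // Cyrillic "i" in place of the Latin "i"
].join("\n");

for (const { link, verdict } of auditEmail(SAMPLE_BODY)) {
  console.log(verdict.padEnd(20), link);
}
```

Only the first two links pass. Each of the other four shows the trusted name somewhere in the text yet fails on scheme, host, or encoding, which is why typing the address yourself beats clicking.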