Twitter forces some users to reset passwords after phishing attack

In a "precautionary step," Twitter urges stronger passwords

Twitter has apparently forced some users to reset their passwords after a phishing attack, and urged users to choose hard-to-guess passwords and be on the lookout for suspicious third-party activity.

Social networking hacks: Top 10 Facebook and Twitter security stories of 2009

Scottish blogger Andrew Girdwood was among those who reported receiving a message that states "Due to concern that your account may have been compromised in a phishing attack that took place off-Twitter, your password was reset. Please create a new password by opening this link in your browser. … Remember to choose a strong password that is a combination of letters, numbers, and symbols. Do not reuse your old password."

To continue reading, register here and become an Insider. You'll get free access to premium content from CIO, Computerworld, CSO, InfoWorld, and Network World. See more Insider content or sign in.

Twitter has apparently forced some users to reset their passwords after a phishing attack, and urged users to choose hard-to-guess passwords and be on the lookout for suspicious third-party activity.

Social networking hacks: Top 10 Facebook and Twitter security stories of 2009

Scottish blogger Andrew Girdwood was among those who reported receiving a message that states "Due to concern that your account may have been compromised in a phishing attack that took place off-Twitter, your password was reset. Please create a new password by opening this link in your browser. … Remember to choose a strong password that is a combination of letters, numbers, and symbols. Do not reuse your old password."

Twitter acknowledged the password reset, describing it as a "precautionary step," but did not say how many users were affected or describe the nature of the phishing attack.

Twitter's official "safety" account issued a tweet saying "Got an email from us saying we've reset your password? A small # of accts seemed possibly affected offsite & we took a precautionary step." Previous tweets from this account offer advice for avoiding attacks, such as "Giving out your username & password to a 3rd party site promising you more followers: not a good idea AND a violation of the Twitter Rules."

Twitter's message to users urged them to remove any updates they did not post themselves; scan their computers for viruses and malware; and check the Twitter connections page and revoke access privileges for any third-party applications they do not recognize.

Twitter has become a magnet for computer hackers because of its increasing popularity, with reports of malware and spam on social networks rising 70% in the last 12 months.

Follow Jon Brodkin on Twitter: www.twitter.com/jbrodkin

This story, "Twitter forces some users to reset passwords after phishing attack," was originally published at NetworkWorld.com. Follow the latest developments in security at Network World.

Read more about security in Network World's Security section.