Twitter Password Reset

We've just got a note from a user reporting an email from Twitter asking the user to reset their password. The stated reason for the password change is concern that user passwords were compromised in a phishing attack that reportedly took place off Twitter. While Twitter hasn't yet responded to it officially, there's something common among all the Twitter accounts that got password reset messages. All these accounts got spammy-looking mentions (@targetusername) from different users (@SoniaBlackbuq in one case), with messages that read like:

If you are an artist or listen to music you should use http://tinyurl.com/twitmuzik to upload your music using your twitter account

Get paid on twitter with your account doing surveys at http://tinyurl.com/twittersurveys

The links lead to twtsurveys.com and twtmuzik.net. Both sites allow sign-up using Twitter. twtsurveys.com allows Twitter users to "earn money" and twtmuzik.net allows users to upload and share their music on Twitter. Both websites were registered recently, and some users also seem to be using them. Although the activities of these sites look suspicious, it is still NOT confirmed whether that was the actual cause behind Twitter's password reset request to some users.

Here is how the original email from Twitter reads:

Due to concern that your account may have been compromised in a phishing attack that took place off-Twitter, your password was reset. Please create a new password by opening this link in your browser:

http://twitter.com/account/password_reset?email=useremail@usermail.com&token=xxxxxxxxxxxxxxx

This will reset your password. Remember to choose a strong password that is a combination of letters, numbers, and symbols. Do not reuse your old password.

As a reminder, you should be extraordinarily suspicious of any third party that offers to artificially inflate your follower count. We do not endorse any of these sites.

Please make sure to:

  • Scan your computers for viruses / malware, especially if unauthorized tweets continue to be posted in your accounts even after you’ve changed the password.
  • Check the Connections page at http://twitter.com/account/connections and revoke the access privileges of any third party applications that you do not recognize.
  • Avoid providing your username and/or e-mail and password to untrusted third-party sites.
  • Remove any updates that you did not post personally; leaving these updates can result in your account being re-suspended.

You can also visit our help page for hacked or compromised accounts.