Twitter has apologised for getting a little tipsy with account-locking gusto after having reset more passwords than it intended on Thursday.
The company won’t say how many users it “unintentionally” locked out of accounts and how many Twitterati received its subsequent email telling them to create a new password.
Here’s the apology:
"We’re committed to keeping Twitter a safe and open community. As part of that commitment, in instances when we believe an account may have been compromised, we reset the password and send an email letting the account owner know this has happened along with information about creating a new password. This is a routine part of our processes to protect our users."
"In this case, we unintentionally reset passwords of a larger number of accounts, beyond those that we believed to have been compromised. We apologize for any inconvenience or confusion this may have caused."
Among the shuttered was TechCrunch. Unintentional closures aside, theirs was only one of many stories relating to an authentic hack behind Twitter’s reset snafu.
As Natasha Lomas describes it, TechCrunch’s account was hijacked by somebody who posted a work-from-home scam on its feed. (The site has since regained control of its account.)
And as has been widely reported, other hijacked Twitter accounts included those of people who comment on Chinese affairs.
For his part, Patrick Chovanec, a professor at Tsinghua University in Beijing, tweeted that somebody broke in and tried to change his password.
He was logged in, however, and fended off the intruder.
Some are interpreting it as ipso facto Chinese censorship, with headlines such as “Cyber War: China Hacks Into Twitter and Censors it Ahead of Chinese Communist Election”.
But as others have pointed out, the Red Threat perception may amount to paranoia.
Such wariness is understandable, given that the Communist Party is currently holding its 18th National Congress.
But that’s circumstantial evidence. Tracing a Twitter hack is extremely difficult, after all, and some of those who tweeted about having their accounts hijacked admitted that they couldn’t really tell who the culprit was.
Twitter, in its email to those whose accounts were shuttered, alluded only vaguely to the compromise, saying it may have come from a “website or service not associated with Twitter.”
In its apology, Twitter included a link to its list of tips for safe tweeting, including:
- Use a strong password. Here’s Sophos’s Graham Cluley on making a unique and hard-to-guess password. If you don’t want to juggle a basketful of unique and hard-to-guess passwords, use a password generator to cook one up.
- Watch out for suspicious links, and always make sure you’re on Twitter.com before you enter your login information.
- Don’t give your username and password out to untrusted third parties, especially those promising to get you followers or make you money.
- Make sure your computer and operating system are up to date with the most recent patches, upgrades, and anti-virus software.