posted by bugshaw at 07:50am on 02/02/2013
I got a couple of emails in the early hours from Twitter, saying "Twitter believes that your account may have been compromised by a website or service not associated with Twitter. We've reset your password to prevent others from accessing your account.
You'll need to create a new password for your Twitter account. You can select a new password at this link..."
* The email appeared to come from Twitter, and specifically the same email address they use to send to my account (which contains a rot-13'd version of my email address).
* The links in the email looked legitimate, and they gave an alternative method to reset by typing the usual Twitter page into the browser and following menus.
BUT
* They addressed me as "@bugshaw" or "Dear Twitter user" where every other email I have had from Twitter addresses me as "$Full name associated with the account".
How suspicious do I need to be?
As there is a blog post about it I've gone with the password change, but it's interesting how our brains get trained into suspicion.
http://blog.twitter.com/2013/02/keeping-our-users-secure.html
(no subject)
http://www.guardian.co.uk/technology/2013/feb/02/twitter-hacked-accounts-reset-security
(no subject)
If there's a contact point at Twitter I'd suggest you point out your suspicions to them.
(no subject)
I get enough real random "reset your password" emails from Twitter that I almost ignored this. (Is it my fault that people enter the username they wish they had, rather than the one they do, for "reset my password"?)
(no subject)
I ignored 2 and I'd not reset password - weirdly Twitter was still ok on phone but not on iPad. I prob had better change password but am bemused. Also annoyed as I reset Twitter password only last wk when foolishly caught bug ..
(no subject)
I got 2, maybe 3 of them this time, deleted them and wasn't impacted.
(no subject)
It's difficult - we publish details of how we cancel accounts on our website, and also run publicity campaigns. Some people seem to think we should phone them or send them a letter, but with 1,000 people a month that is not a viable option.
Generally we want people to err on the side of suspicious. It's not an easy one.