In an attempt to protect its users’ accounts from being hacked, Twitter has reset the passwords for a large number of accounts. Although this is a routine security measure for Twitter, this time it has gone overboard. It is normal practice for Twitter to reset a password and send an email to the account holders informing them of it.
As part of the same security measure, on November 8th Twitter reset passwords for a few accounts, as it always does. But the number of accounts whose passwords were reset turned out to be far larger than Twitter had expected; reports say that a whopping 140 million users might be getting the reset emails.
Carolyn Penner, one of the spokeswomen for Twitter, gave an assurance that there had not been any security breach, but declined to say how many accounts were affected by the error.
The cause of the compromise is not described in detail in Twitter’s email; it just says “Twitter believes that your account may have been compromised by a website or service not associated with Twitter”.
However, Twitter’s new system for authorising third-party applications advises users to give their username and password nowhere other than the Twitter site. If a third-party app wants to access a Twitter account, it has to request a “token”, which can be revoked by the user or by Twitter. No third-party site that doesn’t directly provide Twitter functionality should demand a password.
So, if you get an email from Twitter asking you to change your password, don’t be surprised. Just set a new one and start tweeting again.