I could not log in to Twitter today and found Twitter sent us 4 emails warning us that they had reset our password automatically due to a possible “phishing attack that took place off-Twitter”.
Here is the full text of the email we got 4 times…
Due to concern that your account may have been compromised in a phishing attack that took place off-Twitter, your password was reset. Please create a new password by opening this link in your browser: [Link]. This will reset your password. Remember to choose a strong password that is a combination of letters, numbers, and symbols. Do not reuse your old password. As a reminder, you should be extraordinarily suspicious of any third party that offers to artificially inflate your follower count. We do not endorse any of these sites.
Please make sure to:
- Scan your computers for viruses / malware, especially if unauthorized tweets continue to be posted in your accounts even after you’ve changed the password.
- Check the Connections page at http://twitter.com/account/connections and revoke the access privileges of any third party applications that you do not recognize.
- Avoid providing your username and/or e-mail and password to untrusted third-party sites.
- Remove any updates that you did not post personally; leaving these updates can result in your account being re-suspended.
You can also visit our help page for hacked or compromised accounts.
Since we were not aware of any phishing attempt, after verifying that it was not spam, or actually a phishing attempt itself, I clicked on the link and reset the password, and while I tried to log in with the new password, Twitter locked us out.
Why did Twitter lock us out? Well, at that time Tweetie, a cool Twitter client for Mac, was active and busy trying to connect, so maybe that got us locked out. I checked the Locked Out help page and it seems that after a Twitter client performs several failed login attempts with the old password, you will not be able to log in, even with the correct password. So they advise disabling any Twitter clients temporarily before logging in again. They promise the lock lasts about an hour and then will clear on its own, and as expected, well after 1 hour we were able to log in normally.
So why did they reset our password? It seems Twitter tightened their security recently and there is a list of banned Twitter passwords which Twitter bans its members from using when they sign up for new accounts. Well, ours was not one of these passwords, but I checked my old password again in their password settings
So it seems they found our earlier password was weak and automatically reset it for our security. So now I created a new very strong password, and really need to thank Twitter for protecting our account. Check if your Twitter password is weak and fix it today. Did Twitter reset your weak password?