Nov 8, 2012

Use Twitter? Time to Change Your Password.

Update: Twitter has now confirmed in a blog post that it was a technical error, rather than an issue of compromised accounts, indicating that "In this case, we unintentionally reset passwords of a larger number of accounts, beyond those that we believed to have been compromised. We apologize for any inconvenience or confusion this may have caused." We apologize for any alarm caused by our post in our effort to alert users to any potential threats.

Reports are now circulating that Twitter may have been hacked. Although no official statement has been made by Twitter at this time, a large number of users are already being forced to go through a password reset process following reports of compromised accounts with spammy posts and DMs.

For those whose accounts appear to be affected, Twitter is forcing you to submit one of three pieces of personal information when attempting to log in: your phone number, email address, or Twitter handle. After providing the data, a password reset email is immediately sent to the user.

The email contains a link to a page where you can create a new password, although it doesn't request the old password or require you to enter the new password twice. It does seem phishy, but from what we can see, if you're forced to go through this process you can't log back in to your account until you follow these steps.

Details are still emerging about the situation and whether it's truly a "hack", but we highly recommend that all users update their Twitter passwords. Use LastPass to log in, and update your Twitter password with a new one generated by LastPass. Run the LastPass Security Check (located in the Tools menu of the browser add-on) to check if you are re-using your Twitter password on other sites. If you are, we highly recommend you change those as well.

Because no official dump of users' passwords has been reported, LastPass Sentry will not currently alert you if you have been affected. If you're new to secure password management, get started today by downloading LastPass, creating a free account, and updating your passwords to secure, generated ones.

We'll keep you posted on any further updates that emerge.