Twitter comes clean over password reset gaffe

News 9 Nov, 2012

Social networking site admits recent security clampdown resulted in unnecessary password resets for some users.

Social networking site Twitter has been commended for admitting it reset more user passwords than it intended to during a recent security blitz.

The company came clean about the gaffe in a blog post yesterday. In it, the firm explained that it regularly resets the passwords of accounts that appear to have been compromised.

“We reset the password and send an email letting the account owner know this has happened along with information about creating a new password,” said the post.

“This is a routine part of our processes to protect our users.”

The company then went on to confess that it reset more passwords than it needed to during a recent security clampdown.

“We unintentionally reset passwords of a larger number of accounts, beyond those that we believed to have been compromised [and] we apologise for any inconvenience or confusion this may have caused,” the post concluded.

Speaking to IT Pro, Graham Cluley, senior technology consultant at security software vendor Sophos, said Twitter was right to admit its mistake, adding that it was unlikely to have caused users many problems.

“People end up trusting a company more when they admit they made a boo-boo than if they tried to initiate a cover-up,” he said.

“It’s inconvenient for those affected...and people who hadn’t had their accounts compromised might panic they had been hacked, and waste time trying to determine if anything bad had happened.”