Twitter comes clean over password reset gaffe

Social networking site admits recent security clampdown resulted in unnecessary password resets for some users.

Twitter

Social networking site Twitter has been commended for admitting it reset more user passwords than it intended to during a recent security blitz.

The company came clean about the gaffe in a blog post yesterday. In it, the firm explained that it regularly resets the passwords of accounts that appear to have been compromised.

"We reset the password and send an email letting the account owner know this has happened along with information about creating a new password," said the post.

"This is a routine part of our processes to protect our users."

The company then went on to confess that it reset more passwords than it needed to during a recent security clampdown.

"We unintentionally reset passwords of a larger number of accounts, beyond those that we believed to have been compromised [and] we apologise for any inconvenience or confusion this may have caused," the post concluded.

Speaking to IT Pro, Graham Cluley, senior technology consultant at security software vendor Sophos, said Twitter was right to admit its mistake, adding that it was unlikely to have caused users many problems.

"People end up trusting a company more when they admit they made a boo-boo than if they tried to initiate a cover-up," he said.

"It's inconvenient for those affected...and people who hadn't had their accounts compromised might panic they had been hacked, and waste time trying to determine if anything bad had happened."

Featured Resources

Become a digital service provider

How to transform your business from network core to edge

Download now

Optimal business results with the cloud

Evaluating the best approaches to hybrid cloud adoption

Download now

Virtualisation that enables choices, not compromises

Harness the virtualisation technology that's right for your hybrid infrastructure

Download now

Email security threat report 2020

Four key trends from spear fishing to credentials theft

Download now

Recommended

How LogPoint uses MITRE ATT&CK
Whitepaper

How LogPoint uses MITRE ATT&CK

15 Jan 2021
Hackers using COVID vaccine as a lure to spread malware
hacking

Hackers using COVID vaccine as a lure to spread malware

15 Jan 2021
Cyber criminals bypassing MFA to access cloud service accounts
two-factor authentication (2FA)

Cyber criminals bypassing MFA to access cloud service accounts

14 Jan 2021
Weekly threat roundup: Microsoft Defender, Adobe, Mimecast
vulnerability

Weekly threat roundup: Microsoft Defender, Adobe, Mimecast

14 Jan 2021

Most Popular

How to recover deleted emails in Gmail
email delivery

How to recover deleted emails in Gmail

6 Jan 2021
The fate of Parler exposes the reality of deregulated social media
Policy & legislation

The fate of Parler exposes the reality of deregulated social media

14 Jan 2021
Should IT departments to call time on WhatsApp?
communications

Should IT departments to call time on WhatsApp?

15 Jan 2021