Twitter sent me the following email on 2nd of February, letting me know that they had reset my password with concern that my account has been compromised.
Hey there.
Due to concern that your account may have been compromised in a phishing attack that took place off-Twitter, your password was reset. Please create a new password by opening this link in your browser:
http://twitter.com/account/password_reset?email=xxxxx
This will reset your password. Remember to choose a strong password that is a combination of letters, numbers, and symbols. Do not reuse your old password.
As a reminder, you should be extraordinarily suspicious of any third party that offers to artificially inflate your follower count. We do not endorse any of these sites.
Please make sure to:
* Scan your computers for viruses / malware, especially if unauthorized tweets continue to be posted in your accounts even after you’ve changed the password.
* Check the Connections page at http://twitter.com/account/connections and revoke the access privileges of any third party applications that you do not recognize.
* Avoid providing your username and/or e-mail and password to untrusted third-party sites.
* Remove any updates that you did not post personally; leaving these updates can result in your account being re-suspended.You can also visit our help page for hacked or compromised accounts
I did not give much attention after finding no unusual activities on my Twitter account. Until this morning..
Checking: http://anonymx.com/ #NowPlaying V-Day #WhoToldYouThat
And I’m not the only one:
I don’t remember giving my Twitter password to any third party sites, except for Twitpic, and all my third party applications connections are pretty genuine. Nevertheless I’ve changed my Twitter password.
I have the same thing and I managed to change my password no problem. Got a text direct to my cell this morning from them as well. Would like advice on how to block them….
The only place I ever enter my Twitter credentials is Twitpic, and I use a mac, so it's very unlikely that it's malware or a phishing scheme. All the apps I had given oAuth to were legit.
My guess is that Twitpic had a security breech. I'm going to contact them and see if they know anything.
This is Twitter's reason for the 2nd February password resets, apparently it's related to torrent sites – http://status.twitter.com/post/367671822/reason-4…
But I don't remember having any accounts on any torrent sites, so I don't think this attack is related to that. Any idea?
i had a similar issue… other than twitpic i use twitter explorer vista sidebar gadget and twittelator on iphone – they're the only places i've ever entered my pwd
I noticed the same thing on my page, and I don’t use Twitpic or torrents at all. I installed the Chromed Bird extension on Chrome last week, but that’s the only place I’ve entered my password, I believe.