It's hard to imagine something worse than a nefarious hacker taking hold of your Twitter account, potentially sending out dozens of embarrassing or harmful Tweets in your name.
So when millions of Twitter users got emails this week warning them to change their passwords to keep their accounts from being compromised, most probably did so faster than you can say hashtag or microblog.
But it turns out that in most cases the warning was unnecessary.
'Our Bad'
Twitter on Thursday fessed up to a case of password overkill, announcing on its Status page that not as many accounts as they first assumed were suspected to be compromised.
"We're committed to keeping Twitter a safe and open community," Twitter said. "As part of that commitment, in instances when we believe an account may have been compromised, we reset the password and send an email letting the account owner know this has happened along with information about creating a new password. This is a routine part of our processes to protect  our users.
"In this case, we unintentionally reset passwords of a larger number of accounts, beyond those that we believed to have been compromised. We apologize for any inconvenience or confusion this may have caused."
No explanation was given for the initial concern about the passwords or how many people were actually affected. A Twitter spokesman did not respond to our request for information in time for publication.
Security experts recommend changing passwords routinely, even when not prompted, to avoid having accounts hacked.
And users of any popular email or social media service should always double check whether "change your password" or "verify your account" prompts are legit.
Hover First
One common example of phishing -- the term that describes hackers' attempts to trick you into revealing passwords and other data -- is a fake email from PayPal threatening to limit the recipient's account privileges unless he or she clicks on a link in the message.
"You don't tell where a Web site goes by clicking on it," warns cyber security expert Graham Cluley of Sophos. "After all, you could be taken to a Web site that hosts malware or an exploit, which could -- afterwards -- take you to the real site."
Cluly suggests users hover their mouse cursor over the link to see where the pop-up tells you the destination will be.
"Even then, hackers could compromise a vulnerable Web site so that clicking on a link to a legit Web site ends up taking you to a dangerous page," he adds.
Cluley suggests a bit of homework before you respond to an "out-of-the-blue" reset-password email when there was no prior sign of trouble, such as unauthorized use.
|
