Twitter comes clean over password reset gaffe


Social networking site Twitter has been commended for admitting it reset more user passwords than it intended to during a recent security blitz.

The company came clean about the gaffe in a blog post yesterday. In it, the firm explained that it regularly resets the passwords of accounts that appear to have been compromised.

"We reset the password and send an email letting the account owner know this has happened along with information about creating a new password," said the post.

"This is a routine part of our processes to protect our users."

The company then went on to confess that it reset more passwords than it needed to during a recent security clampdown.

"We unintentionally reset passwords of a larger number of accounts, beyond those that we believed to have been compromised [and] we apologise for any inconvenience or confusion this may have caused," the post concluded.

Speaking to IT Pro, Graham Cluley, senior technology consultant at security software vendor Sophos, said Twitter was right to admit its mistake, adding that it was unlikely to have caused users many problems.

"People end up trusting a company more when they admit they made a boo-boo than if they tried to initiate a cover-up," he said.

"It's inconvenient for those affected...and people who hadn't had their accounts compromised might panic they had been hacked, and waste time trying to determine if anything bad had happened."

Caroline Donnelly is the news and analysis editor of IT Pro and its sister site Cloud Pro, and covers general news, as well as the storage, security, public sector, cloud and Microsoft beats. Caroline has been a member of the IT Pro/Cloud Pro team since March 2012, and has previously worked as a reporter at several B2B publications, including UK channel magazine CRN, and as features writer for local weekly newspaper, The Slough and Windsor Observer. She studied Medical Biochemistry at the University of Leicester and completed a Postgraduate Diploma in Magazine Journalism at PMA Training in 2006.