It seems that Twitter has been forcing some users whose accounts it believes were compromised in a recent phishing attack to change their passwords.
It seems that Twitter has pre-empted the would-be victims of the phishing attack by messaging them in advance, warning of the issue and then instituting a mandatory password reset. Indeed, the message from the folks at Twitter, as obtained from the fine folks at TheNextWeb, simply reads:
“Due to concern that your account may have been compromised in a phishing attack that took place off-Twitter, your password was reset.”
Perhaps stranger still about the whole business is word that the message may have been issued to anyone following an account under the name of @THCx, which apparently offers tips/tricks across the micro-blogging service. According to TheNextWeb, the phishing attack may well have been carried out across NutShellMail, which apparently offers the ability to respond to messages on Twitter through your email, which is both intriguing and, admittedly, a little insecure sounding.
It’s strange stuff, but it’s something that we could well see more of, given that people seem to be almost as permissive about giving things access to their Twitter accounts as they are with their Facebook accounts… neither of which is quite as secure as people seem to believe.