Twitter appears to have reset the passwords for an undetermined portion of its user base because of a possible security breach.
"Twitter believes that your account may have been compromised by a website or service not associated with Twitter. We've reset your password to prevent others from accessing your account," read an email with a timestamp of around 2:30 a.m. EST Thursday.
The notice has left many users perplexed as to if it was a real request, or a forgery from online tricksters.
"Did anyone else get an email from Twitter saying account may have been compromised by 3rd party site or plugin?" asked journalist Dan Gillmor, in a short message posted on Twitter. Numerous people on Twitter have posted messages about receiving such a notice.
Twitter had posted no additional information about a security breach as of late morning Eastern Time, either on its blog or as a status update from its official account, and did not reply to a request for comment by then.
The email proves a link to an SSL (Secure Socket Layer) password reset page on Twitter, as well as to a page where users can check what third-party applications have access to their Twitter accounts. The reset page will not let users reuse their old passwords. Twitter provides access to third-party applications with the permission of its users.
While the email appears to have come from the Twitter domain and provides links that lead to the site, users should always double check any link sent in email to assure it is not a disguised link to a malicious site.
"Always check that your browser's address bar is on a https://twitter.com website before entering your password. Phishing sites often look just like Twitter, so check the URL before entering your login information!," The Twitter email warned.
The TweetSmarter Twitter news and tips site has advised that Twitter usually sends out reset messages whenever large numbers of Twitter accounts have been hijacked.
Sign up for CIO Asia eNewsletters.