Twitter admitted it accidentally reset the passwords of some users as part of a security check-up earlier today.
The company said it was responding to a huge phishing attack on users on Wednesday night, but unintentionally changed the passwords of thousands more users than were affected.
Victims of the phishing attack included technology site Techcrunch, which has 2.5 million followers, and tweeted a link which could have drawn more people in.
Thousands of users of the micro-blogging site received an email warning their accounts had been hacked, and were asked to changed their passwords. The email said:
Twitter believes that your account may have been compromised by a website or service not associated with Twitter.
We've reset your password to prevent others from accessing your account.
Concerned tweeters, including comedian David Mitchell, warned followers they may have been hacked, but could not find any evidence.
Got an e-mail from twitter telling me that my password had to be changed because they thought my account had been hacked. (cont.)From @RealDMitchell on Twitter:
So I've changed it, but the only evidence of hacking I can find is that my tweet about my Observer column last Sun has disappeared. Weird.From @RealDMitchell on Twitter:
This prompted numerous users to fear the email from Twitter was a phishing email, and many tweeters said they ignored it.
Twitter cleared up the mix-up by confirming in a blog post it had unintentionally reset passwords in a much larger number of accounts than was intended:
In instances when we believe an account may have been compromised, we reset the password and send an email letting the account owner know this has happened along with information about creating a new password. This is a routine part of our processes to protect our users.
In this case, we unintentionally reset passwords of a larger number of accounts, beyond those that we believed to have been compromised. We apologize for any inconvenience or confusion this may have caused.
Despite the mistake, Twitter says only a very small percentage of its more than 140 million users had their passwords affected.