Site icon Panda Security Mediacenter

Will Twitter send you an e-mail to change your password? Yes (WTF!)

I’m really sorry. Please, forgive me, I really didn’t want to lie to you, but I did 🙁

Today Olaiz has published the blog post “Since when Facebook changes your password?” and I suggested her to include the following sentence to end the article:

By the way, this advice is valid for any online service: social networks, email, banks, shopping 😉

I promise I did this with the best of my intentions. How could I figure out that there was some company stupid enough to do this? Well, there is such a company, and it is Twitter. I love Twitter, as you probably know if you are following me, but I could not imagine that they were able to do this kind of things.

One of my followers, Emilio, told me “Twitter does” and a link to a blog post he wrote about this (in Spanish). This is the message that Emilio received:

His first thought was “of course, this is a phishing attack, but it is pretty well done”. So Emilio checked the e-mail headers, the links in the message… everything looked real. But he knows about security (which means that he is a bit paranoid 😉 ) so he did not click on the link, but went to Twitter.com and tried to log in, and it didn’t work. So he had to go to the “real phishing” message from Twitter, click on the link, and create a new password.

Incredible. I have no words. So I will change my previous advice, and it will be this:

By the way, this advice is valid for any online service (which takes security seriously and has common sense): social networks, email, banks, shopping 😉

Sorry again

Exit mobile version