Twitter just sent out a wave of emails to users who it believed had compromised accounts. The company acted quickly and reset the passwords of these users, requiring them to create new ones.
There's just one problem, Twitter sent out too many of these emails and users who hadn't had their accounts broken into or their passwords leaked also received them.
Given that the passwords have already been reset, there's nothing for Twitter to do now but apologize.
There's no harm done in all of this, but sending this type of emails, which are a favorite of phishers should be a last resort in real emergencies.
The fact that Twitter sent out these emails to people it didn't intent to suggests that it needs to revamp the process and find out where the problem is, since there's definitely a problem.
"We’re committed to keeping Twitter a safe and open community. As part of that commitment, in instances when we believe an account may have been compromised, we reset the password and send an email letting the account owner know this has happened along with information about creating a new password. This is a routine part of our processes to protect our users," Twitter explained
However: "In this case, we unintentionally reset passwords of a larger number of accounts, beyond those that we believed to have been compromised. We apologize for any inconvenience or confusion this may have caused," it added.
This isn't something you want to from Twitter, but, again, there's no harm done. Still, Twitter is a large site and it’s popular as a login provider, after Google and Facebook, its accounts should be more secure than they are.
The question of how these passwords were compromised hasn't been answered yet, typically the passwords are leaked from breaches in other sites. That's what Twitter implied in its emails as well.