Twitter on Tuesday said it had to reset passwords for "a small number of accounts" after the microblogging site was targeted by a phishing attack.
The site said that attackers had attempted to steal the login information of users who had used their Twitter password username and password to sign up for an untrusted third-party application. Officials didn't disclose just how many accounts had their passwords changed, saying only that the third-party application had used the login information to post tweets to their accounts.
"As part of Twitter's ongoing security efforts, we reset passwords for a small number of accounts that we believe may have been compromised offsite," Twitter said in a statement. "While we're still investigating and ensuring that the appropriate parties are notified, we do believe that the steps we've taken should ensure user safety."
Being able to rapidly share information, links, photos and videos is big part of Tw itter's allure. But their popularity has long made them a prime target for online criminals.
"Social networks are large, successful targets because phishers exploit the trust the recipients have in their own social networks," Jamie Tomasello, abuse operations manager at security software maker Cloudmark, said in an e-mail to InternetNews.com. "The phisher also takes advantage of our natural curiosity to look at links in messages with sensational subject lines and our immediate desire to react to a warning message."
"Users receiving these types of messages should pause before responding, verify the sender, and ultimately go to the site directly instead of clicking on the link in the message," she added.
Additionally, many users are simply not careful enough in safeguarding their login information. Third-party sites such as twitpic.com, TweetDeck and twhirl require users to input their Twitter login information, but security experts say the practice of reusing usernames and passwords on multiple sites can lead to security breakdowns.
This isn't the first time Twitter has been targeted by hackers. In August, a denial-of-service attack perpetrated by a botnet delivered a flood of traffic that temporarily disabled Twitter and slowed Facebook and other services.
Twitter officials this week were quick to point out that the site hadn't been the source of a data breach and advised users to continue checking for updates on the situation at Twitter feeds @safety and @spam throughout the day.
Additionally, some users are receiving e-mails from Twitter recommending that they create a new password by following a provided link or by logging in directly at twitter.com.