If you recently received an email asking you to “confirm your Twitter account,” don’t worry: you’re not being phished. Twitter has confirmed that it inadvertently sent out a batch of emails to users of the social network asking them to reconfirm their accounts, and that the messages can be safely ignored.
“Some of you may have recently received an email to “confirm your Twitter account” that you weren’t expecting,” the company’s support account confirmed. “These were sent by mistake and we’re sorry it happened. If you received one of these emails, you don’t need to confirm your account and you can disregard the message.”
Word of the emails began to spread on Thursday this week – on Twitter, naturally – with uncertainty among recipients about how authentic they were. Given the regularity with which phishing attempts are made – hackers trying to gain access to online accounts by sending out emails that appear authentic, but are designed to steal credentials – there’s an understandable degree of skepticism about any message purporting to be from Twitter (or Facebook, or your bank, or any other organization at this stage).
That level of mistrust is probably wise at this point, of course. Users themselves are typically one of the weakest points in data security, given we can be fairly readily fooled into clicking on links we shouldn’t. Indeed, being suspicious of emails like Twitter’s is usually the number one recommendation from security experts.
It was human fallibility, too, that was blamed for a Twitter hack back in July 2020. That saw more than 100 accounts compromised, with the company blaming hackers who targeted a small number of its employees with a phone spear-phishing attack, a form of social engineering. That led to data being shared which could be used to persuade other employees that further false requests were legitimate.
Security experts recommend enabling two-factor authentication on your accounts when possible, something Twitter does offer. After that’s turned on, you’ll need not only a password but a secondary login method – a code, a physical security key being present, or a login confirmation via an app – to get access to your Twitter account. Two-factor authentication is generally considered safer when using a physical security key or code-generator app, rather than methods which send a code via SMS.
It’s also worth checking which third-party apps are associated with your Twitter account, as we’ve seen those used in the past to exploit the social network. You can find a list of connected apps in the Twitter settings – and deactivate any you no longer need or don’t recognize – as well as a list of which devices are currently signed into your account.