We’ve received reports of users seeing Tweets from people they are not following in their timelines; we’ve isolated the issue and remedied it.

Originally posted here:

Some users experiencing misdirected Tweets

Some users reported seeing @replies in their home timeline from folks they were not following; we’ve remedied the issue going forward.

View original post here:
@Replies In Timeline

We’re currently hearing from users who’re missing updates on their timelines; we’re looking into the situation and working to fix it.

More:

Reports of Missing Tweets

Some users are experiencing no new updates to their timeline. We are aware of the issue and investigating.

Update (2/28 1:00p): We have pinpointed and resolved the issue.

Follow this link:

Some user’s timelines frozen

Over the past few days, we’ve seen an increase in phishing attempts and are working on resetting passwords for accounts that were affected. While we’ve updated about these attacks via both @safety and @spam, we felt that it was important to post a more complete alert. If you receive a DM or see a message with a phrase like “This you??” or “LOL is this you” followed by a link, please do not click through; there’s a phishing site on the other side. While simply receiving this message does not mean your account is compromised, if you do click through and enter your username and password, you’ll want to change your password. If you’ve received this type of spam from a friend, you may want to alert them to change their password. You can read more information about keeping your account safe here: http://bit.ly/SecureMyAccount.

Read the rest here:

Update Re: Phishing

We have disabled the name search feature. It will be a few days before it is re-enabled for all users.

More here:

Name search is temporarily disabled

We re-enabled name search. Thanks for your patience!

More:
Name search working as expected

The name search feature is temporarily disabled. We’re working on getting it back online ASAP.

Read more:
Name search feature temporarily disabled

We are currently investigating intermittent connectivity problems on the AT&T network. Sending and receiving is affected.

Read more:

SMS connectivity issues on AT&T

As part of our ongoing efforts to monitor our user base for odd activity, we noticed a sudden surge in followers for a couple accounts in the last five days.  Given the circumstances surrounding this, we felt it was best to push out a password reset to  accounts that were following these suspicious users.

Then we started doing some digging and, given what we found today, we felt it important to share this information.  An outline of what appears to have happened follows …

Torrent sites aren’t exactly “new”; however, this is one of the first times that we’ve seen an attack that came from this vector.  It appears that for a number of years, a person has been creating torrent sites that require a login and password as well as creating forums set up for torrent site usage and then selling these purportedly well-crafted sites and forums to other people innocently looking to start a download site of their very own.  However, these sites came with a little extra — security exploits and backdoors throughout the system.  This person then waited for the forums and sites to get popular and then used those exploits to get access to the username, email address, and password of every person who had signed up.  Additional exploits to gain admin root on forums that weren’t created by this person also appear to have been utilized; in some instances, the exploit involved redirecting attempts to access the forums to another site that would request log-in information.  This information was then used to attempt to gain access to third party sites like Twitter.  We haven’t identified all of the forums involved (nor is it likely that we’ll be able to, since we don’t have any connection with them), but as a general rule, if you’ve signed up for a torrent forum or torrent site built by a third party, you should probably change your password there.

The takeaway from this is that people are continuing to use the same email address and password (or a variant) on multiple sites.  Through our discussions with affected users, we’ve discovered a high correlation between folks who have used third party forums and download sites and folks who were on our list of possibly affected accounts.  While not all users who were sent a password reset request fall into this category, we felt that it was important to put this knowledge out there so that users would know of the possibility of compromise of their data by a third party unrelated to their Twitter account.  We strongly suggest that you use different passwords for each service you sign up for; more information on how to keep your Twitter account safe can be found here: http://twitter.zendesk.com/forums/10711/entries/76036.

Del Harvey
Director, Trust and Safety

The rest is here:
Reason #4132 for Changing Your Password