Strange Twitter password business

ChilliBob

Hey everyone,
Not sure if this has happened to anyone else, however, Twitter emailed me to say there was suspicious activity on my account, and that access was attempted. Then a further email came through saying a password had been changed.

I did forgot password on Twitter and reset my password, and enabled 2fa (I didn't realise it wasn't on, I don't really use Twitter). 

What's concerning and confusing me is that a code was sent to my Gmail address to allow the password change to happen...

 I have changed my Gmail password, and according to Gmail security any account access in the last 28 days has all been me, and things I recognise. So, I'm a bit baffled about how the password was changed... And what I should do next really.

Any thoughts much appreciated!

Newcad

It happens with most accounts when you change a password, not just twitter.

Even if it is you that has changed the password yourself (using a code they sent you if it was a forgotten password) it still automatically emails you a security notification that it was changed.

(Google itself is a pain for automatic 'security' emails, everytime I log into gmail from my laptop it sends me an automatic email that my google account been 'accessed from a different device'; yes I know, I've accessed it from my laptop not my phone. I just can't get it to understand that like most people I have more than one device. I guess that it wants me to stay always logged into my google account on my laptop.).

ChilliBob

What I'm saying is it appears somebody changed my Twitter password, and accessed my account from the US this morning. 

I can't understand how they can change the password without access to my email to see the code Twitter sent. 

Yet, thankfully, according to Google my email has only been accessd on devices I recognise myself. 

It's probably the kind of thing I won't get any definitive answer to, so I've just resorted to changing as many passwords as I can think of really. 

Newcad

I see, possibly someone had your email address and old password and used those to login and then change the password?

You can check on 'Have I been Pwned' if your passwords, email address, and even your phone numbers, have been exposed/collected in a data breach .

Passwords: https://haveibeenpwned.com/Passwords

Emails & Phones: https://haveibeenpwned.com/

Enter your password, email or phone number in the box and click on the 'pwnd?' button.
If it has been in a data breach it will flash up red and tell you how many breaches it's been in - if that happens then change it of course.

(Try your old twitter password to see if it had been in a breach).

flaneurs_lobster

Is it not likely that the first two emails warning about access to the Twitter account are phishing spam?

Did they contain "click here to fix it" messages? What was the actual email address of the source? 

I often get emails about suspicious activity on my Facebook and Instagram accounts. Neither account exists. 

ChilliBob

Yeah I did wonder about that to be honest, so any links I opened copying the link text first etc. Also went straight to twitter myself rather than via an email link.

Anyhow, I've changed most passwords and added 2fa to twitter.

Just reviewing my password manager options now, I was happily using last pass for a few years, but seems the few breaches it had had make experts bit recommend it anymore. 

All the decent ones, like Nord Pass or Bitwarden seem to have mobile apps with some issues sadly!

Thinking I may have two 'vaults' - one with less sensitivity info in - forums, shops without bank details etc, and one for sensitive sfuff like banking etc, which doesn't go near the mobile.

Oh and discovered my phone has a fingerprint reader, which has sped up using it, which is a bonus!