Your Twitter Account Probably Wasn't Hacked
Twitter reset passwords for a bunch of users and sent them an e-mail that their account may have been compromised. Turns out it was an overreaction.
It's possible you got a weird e-mail from Twitter late last night or early this morning informing you that your account had been potentially compromised, and that Twitter had reset your password to protect you. The e-mail from Twitter is legit, but the reason you got it is a mistake. Your account is fine. Probably.
Whenever Twitter suspects an account's been compromised, it automatically resets the password and sends an e-mail to the account holder. While TechCrunch's Twitter account was indeed compromised, for the majority of users, the password reset was triggered by mistake — the mechanism got a little trigger-happy and started resetting passwords for accounts that weren't, in fact, compromised. Says Twitter:
In this case, we unintentionally reset passwords of a larger number of accounts, beyond those that we believed to have been compromised. We apologize for any inconvenience or confusion this may have caused.
Twitter wouldn't reveal how the mass reset was triggered or the number of accounts that accidentally received the password reset email, but if you got one, it's maybe worth updating your password to something different, since there's no way to tell if you got a bogus alert or the real deal.
The text of the e-mail, via TechCrunch:
Twitter believes that your account may have been compromised by a website or service not associated with Twitter. We’ve reset your password to prevent others from accessing your account.
You’ll need to create a new password for your Twitter account. You can select a new password at this link:
As always, you can also request a new password from our password-resend page: https://twitter.com/account/resend_password
Please don’t reuse your old password and be sure to choose a strong password (such as one with a combination of letters, numbers, and symbols).
In general, be sure to:
Always check that your browser’s address bar is on a https://twitter.com website before entering your password. Phishing sites often look just like Twitter, so check the URL before entering your login information!
Avoid using websites or services that promise to get you lots of followers. These sites have been known to send spam updates and damage user accounts.
Review your approved connections on your Applications page at https://twitter.com/settings/applications. If you see any applications that you don’t recognize, click the Revoke Access button.
For more information, visit our help page for hacked or compromised accounts.
The Twitter Team
Oh, a word of advice: If you get an e-mail like this, it's generally safer to manually type in the URL to reset your password — https://twitter.com/account/resend_password in Twitter's case — rather than clicking the password reset link included in the e-mail, since bogus password reset e-mails with phony links are a pretty common tactic used in phishing attacks to harvest user accounts and passwords. (And then your account would be compromised.)
Twitter also points to this handy link for Twitter account security tips. You don't want to be one of those people, after all, tweeting about how to get free sex and up your follower count by CLICKING THIS LINK.