Twitter, including several Twitter accounts were hacked today Thursday November 8th, 2012 by an anonymous hacker or collective of hackers. While it is not released if any internal information was compromised or impacted, nor for what reason the attack was initiated, Twitter is taking the attack very serious and resetting what seems like hundreds of thousands of compromised account passwords.
Having said this, if you receive an email from Twitter asking to change or reset your password do not misinterpret it as a phishing attempt from a third party. it’s actually Twitter getting things in order.
At this point in time, Twitter is not allowing any compromised or potentially compromised accounts to login to Twitter without going through the process of resetting their passwords.
Compromised Account Login/Reset
For those accounts that are potentially compromised by the attack today, the micro-blogging service will, on log-in, stop you and ask you for one of three pieces of information: your phone number, your email address or your Twitter handle.
As soon as you provide one bit of information, the service immediately sends you a password reset email that looks like this:
The email contains a link for a page where you create a new password. It does not ask you for your old password, but does request you type in the new one, twice.
Here’s what Twitter officially released:
…In instances when we believe an account may have been compromised, we reset the password and send an email letting the account owner know this has happened along with information about creating a new password. This is a routine part of our processes to protect our users.
In this case, we unintentionally reset passwords of a larger number of accounts, beyond those that we believed to have been compromised. We apologize for any inconvenience or confusion this may have caused.