If you receive a notice from Twitter like the one below, it is a legitimate note. It seems that Twitter was hacked and exposed the information of up to around 250,000 accounts.
Read "Twitter Hacked, 250,000 User Accounts Potentially Compromised" from AllThingsDIgital
While Twitter makes note to check your address bar to insure it says Twitter.com, if you receive this notice, don't click on the link in the email but rather log into your Twitter account directly by visiting http://twitter.com and logging in. If you need to change your password, Twitter will force you through that process. Some good new -- since most external sites that access Twitter now use OAuth to connect to Twitter (which does not use or know you main Twitter password) you shouldn't have to change passwords on any external sites that are linked to your Twitter account.
By visiting the site manually, you insure you are talking directly to Twitter.com and not some malware site. By the way, this is good advice whenever you think that an email might be attempting to "phish" your account information. Visit the site directly to be sure you are connected to the real site and not some fraudulent one.
Twitter believes that your account may have been compromised by a website or service not associated with Twitter. We've reset your password to prevent others from accessing your account.
You'll need to create a new password for your Twitter account. You can select a new password at this link:
As always, you can also request a new password from our password-resend page: https://twitter.com/account/resend_password
Please don't reuse your old password and be sure to choose a strong password (such as one with a combination of letters, numbers, and symbols).
In general, be sure to:
- Always check that your browser's address bar is on a https://twitter.com website before entering your password. Phishing sites often look just like Twitter, so check the URL before entering your login information!
- Avoid using websites or services that promise to get you lots of followers. These sites have been known to send spam updates and damage user accounts.
- Review your approved connections on your Applications page at https://twitter.com/settings/applications. If you see any applications that you don't recognize, click the Revoke Access button.
For more information, visit our help page for hacked or compromised accounts.