Twitter has 200 million active users. About 250.000 users’ passwords have been stolen, as well as usernames, emails and other data. Affected users have had passwords invalidated and have been sent emails informing them. The attack was not the work of amateurs! And not an isolated incident!
Internet security specialist Graham Cluley warned Twitter’s announcement that emails would be sent to users may prompt a spate of spam emails ”phishing” for sensitive information. People should be cautious about opening emails which appear to be from Twitter.
Log into the Twitter site as normal and try and log in to your account and, if there’s a problem, that’s when you actually have to try and reset your password.
The biggest worry for most of Twitter’s active users is not this attack per se, but the additional new ”phishing” scams the attack has already inspired.
Do not click on links in emails asking you to change your password.