Twitter hacked -- approximately 250,000 accounts affected
If you've just received an email from Twitter warning that as a precautionary security measure the micro-blogging site has reset your Twitter account password, and inviting you to create a new one, you should take it seriously. Very seriously.
According to Twitter, the service recently "detected an attack on our systems in which the attackers may have had access to limited user information -- specifically, your username, email address and an encrypted/salted version of your password (not the actual letters and numbers in your password)".
Details of the attack can be found in a blog post in which Twitter explains that the attackers may have gained access to details for approximately 250,000 users, a relatively small proportion given that Twitter has 200 million active monthly users.
Twitter goes on to explain that "this attack was not the work of amateurs, and we do not believe it was an isolated incident. The attackers were extremely sophisticated, and we believe other companies and organizations have also been recently similarly attacked. For that reason we felt that it was important to publicize this attack while we still gather information, and we are helping government and federal law enforcement in their effort to find and prosecute these attackers to make the Internet safer for all users".
I'm among the 250,000 users who were affected by this hack and this morning received two messages from Twitter. The first warned that my password had been reset, and the other contained a link to create a new one. If you receive the same messages and, like me, are averse to clicking these kinds of links (this is the perfect opportunity for phishers of course), you can just go to Twitter and try to log in. Enter your old email address, phone number, or username and Twitter will send you a fresh reset link.
The micro-blogging site says that while "only a very small percentage of our users were potentially affected by this attack, we encourage all users to take this opportunity to ensure that they are following good password hygiene, on Twitter and elsewhere on the Internet. Make sure you use a strong password -- at least 10 (but more is better) characters and a mixture of upper- and lowercase letters, numbers, and symbols -- that you are not using for any other accounts or sites".
All good advice of course. So whether you received the emails or not, now is a very good time to change your Twitter password because you can never be too careful.