You might have received an email over the weekend prompting you to change your Twitter password. If you’re confused, the company had good reason to alert you.
On Friday, Twitter detected “unusual access patterns,” which meant the service was being hacked. While the company was able to shut down one attack while it was in progress, Twitter discovered that up to 250,000 accounts had been compromised.
“This attack was not the work of amateurs, and we do not believe it was an isolated incident,” stated Bob Lord, Twitter director of information security. “The attackers were extremely sophisticated, and we believe other companies and organizations have also been recently similarly attacked.”
Hackers might have had access to usernames, email addresses, session tokens, and encrypted passwords. To be safe, Twitter reset passwords and revoked session tokens for the affected accounts. This means that existing passwords for the affected accounts no longer work. If you had trouble logging in at all this weekend, check your inbox and spam folders for Twitter’s email prompt.
Twitter also used this opportunity to urge members to beef up personal security by following “good password hygiene.” For example, use a strong password of at least 10 characters with a mixture of upper- and lowercase letters, numbers, and symbols. It’s also wise to use unique passwords — using the same one for multiple accounts significantly increases your chances of being compromised.
At this time, no other details about the hack have been released. Although only a small percentage of Twitter’s user base was affected, it’s recommended that all members — regardless of whether they received an email — reset their passwords to ones that meet the requirements suggested above.