UPDATE: Twitter admits that they reset many accounts unnecessarily on November 7. Meaning that even though many individual accounts were hijacked, Twitter otherwise broke itself. And though they don’t say so, the hijack attempts may have been primarily from China.
If you received an email that looks similar to the one below, it is probably NOT fake, and you need to reset the password on your account.
If you want to be absolutely safe, instead of clicking the links in the email, instead open your browser and type in “twitter.com” and try to login. Twitter.com will then redirect you to change your password.
These emails often go out when large numbers of Twitter accounts have been hijacked. Sometimes, just to be safe, Twitter will even send these to accounts that have NOT been hijacked, trying to make sure to catch everyone that HAS been hijacked.
How Accounts Get Hijacked
When a Twitter account is hijacked, the most common reason is that the person who owned the account accidentally logged into a fake Twitter page.
When you type your password into a page that is NOT Twitter, it gets stolen. Of course, who would do that?
The trick is that the hijackers make the page look EXACTLY like Twitter, except for the address (URL) of the webpage.
You can find yourself at one of these fake pages when you click a link and find yourself at what looks like a Twitter login page, but is actually a fake look-alike page. If you forget to check the URL at the top of the page to make sure you’re actually at Twitter, and not some fake look-alike site, they enter their username and password and the hijacker gets their password.
So the trick has two parts: (1) Getting you to click a link (2) Getting you to enter your password. As long as you don’t fall for step (2) you’re safe!
So always remember: Just because it looks like Twitter doesn’t mean it is!
Always check the URL of the page, or, better yet, type “twitter.com” into the address bar of your browser and press enter to make sure you’re actually at Twitter.com.
The next step is usually that the hijacker will start sending out DMs from your account, usually trying to hijack other accounts. These can be DMs that say things like “was this you in this pic?” or “people are saying bad things about you here:”
Twitter blocks the links in these DMs from working fairly quickly, but they do work for the little while it takes Twitter to figure out they should be blocked, and the hijackers change the URLs after they are blocked to try to keep catching new people.
Sometimes hijackers will send out a large wave of DMs from all the accounts they have compromised. When this happens, Twitter notices, and may send out a large number of password reset emails, trying to catch everyone who may have been compromised. This can happen several times a year.