In the past few days Twitter has been faced with two security headaches. First there were reports on Saturday of a phishing email doing the rounds that was tricking people into giving away their Twitter passwords. Yesterday Twitter announced that 33 accounts had been hacked, including some prominent users such as Barack Obama.
The phishing email was designed to look like a notification of a direct message from Twitter. Clicking the link in it takes you to a page that looks like Twitter but is not.
While some would question why a hacker would want access to your Twitter account, the fact remains that any account could have been compromised. Twitter states that 33 accounts were hacked in the second attack, but presumably those are only the 33 that it knows about.
According to the Twitter blog, the hacker managed to gain access to some of the internal tools that Twitter uses to manage users’ accounts.
Whenever you learn that a website has been compromised, it is always a good idea to change your password, just in case. You should also check that the email address associated with your Twitter account is correct and has not been changed.
And of course, always be suspicious of any hyperlinks in email messages. To be safe, open a new browser window and type the address in manually rather than following the link.