Someone told me today that they got an email from Twitter telling them their account had been locked and they needed to change their password. They said the assumed it was phishing–but that when they went to log in to Twitter, it indeed wouldn’t let them log in until they’d changed their password.
But I can’t find any record anywhere online of a mass Twitter breach–and if there wasn’t one, how would Twitter know this particular account was compromised?–and moreover, at Twitter’s help pages I don’t see anything indicating they’d ever send an email about an account compromise.
I’m terribly afraid this person “logged in” through a link in the email–hence falling for a phishing scheme. But if I ask them if that’s what they did, well, that could be pretty insulting.
Don’t want to risk insulting this person til I’ve become really certain that there was no kind of mass breach of twitter accounts. Do you guys know of any such?