Some 250,000 Twitter accounts have been hacked, with passwords stolen, the social network has announced. So if you see an email from the little blue bird telling you to reset your password, rest assured it's genuine.
It was part of a wave of attacks that also tried to compromise users of the New York Times and Wall Street Journal, according to the company's blog post. Twitter discovered one attempt in progress, and managed to shut it down. But not before "usernames, email addresses, session tokens and encrypted/salted version of passwords" for a quarter of a million users were accessed.
If you're one of that unlucky throng, you should've had an email telling you so. Your old password won't work, as Twitter has disabled it, so you'll need to create a new one.
Twitter recommends choosing a password of at least 10 characters, with a mixture of upper and lowercase letters, numbers and symbols. It also advises disabling Java in your browser, for greater security.
The hack wasn't a one-off, either. "This attack was not the work of amateurs, and we do not believe it was an isolated incident," Bob Lord, director of information security, wrote in the blog post. "The attackers were extremely sophisticated, and we believe other companies and organisations have also been recently similarly attacked."
Maybe that Google password ring doesn't sound so ridiculous after all, eh?
According to our sister site CNET News, it's mostly the earlier accounts that have been compromised -- bad news if you set up on the microblogging service back in 2006 or 2007.
Were you one of those affected? Have you noticed anything fishy going on with your account? And can you recommend a good password-remembering service to keep all your logins stored in one place? Let me know in the comments, or on our Facebook page.