Yes, it’s likely real. Twitter is encouraging users to follow “good password hygiene” tonight after revealing that hackers might have gained access to a quarter-million usernames, email addresses and encrypted passwords this week.
In a blog post, Twitter has announced that it has reset passwords and revoked session tokens for those users it believes were affected by the attack. If you’re having trouble logging in with your usual password, you might have been among those affected.
As a precautionary security measure, we have reset passwords and revoked session tokens for these accounts. If your account was one of them, you will have recently received (or will shortly) an email from us at the address associated with your Twitter account notifying you that you will need to create a new password. Your old password will not work when you try to log in to Twitter.
Twitter describes the attack as “extremely sophisticated.”
This attack was not the work of amateurs, and we do not believe it was an isolated incident. The attackers were extremely sophisticated, and we believe other companies and organizations have also been recently similarly attacked. For that reason we felt that it was important to publicize this attack while we still gather information, and we are helping government and federal law enforcement in their effort to find and prosecute these attackers to make the Internet safer for all users.