Two unrelated reports of possible security breaches, one at Twitter which is confirmed in a blog post and one for Anshe Chung which is uconfirmed but seems to be true, as reported by Shiloh Lyric over at SLUniverse.
I saw in my Twitter feed last night that people were reporting they’d received an email from Twitter informing them that their passwords had been reset, then others pointing to that Twitter blog post to confirm that this might not be a phishing attack. However even the existence of a blog post doesn’t mean it’s not a phishing email, so if you receive one, tread with caution. The Twitter blog post actually has some good tips on password securit, such as trying to make your password at least ten characters, use a mixture of upper and lower cases letters, numbers and symbols and don’t use the same password on multiple sites.
Twitter are also advising people to follow the advice of the US Department of Homeland security and disable Java on their computer.. and then rewinding a little to tell people to disable in their browser.
The email on the Anshe Chung issue is interesting in some ways, because it was sent by Linden Lab and relates to Second Life passwords. However it should be noted that this is not due to a security breach at Linden Lab.