Phishing Attack, or Merely Being Baited?
Posted by Twitter's Tee Morris | Posted in Blogging, Twips, Twitter Topics, Twitter in the News | Posted on 02-02-2010
Tags: access, caution, hackers, panic, password, phisher scams, phishing, security, Twitter
When Mashable.com cites your website, you know you’re doing something right. Andrew Girdwood must be thinking that, as a lot of people are following his lead after Mashable’s Stan Schroeder reported early this morning:
Numerous Twitter users are pointing out that Twitter forced them to change their passwords out of the blue. According to blogger Andrew Girdwood, these users have received an e-mail containing the following message: “Due to concern that your account may have been compromised in a phishing attack that took place off-Twitter, your password was reset,” together with a link for resetting the password.
Although the e-mail itself looks like a phishing attack, it’s genuine; it seems that admins at Twitter have discovered something fishy is going on, and they’re trying to prevent further damage before it happens.
I’ve been reading up on this all morning (with postings from TechCrunch and The Washington Post as examples), and while this situation shouldn’t be taken lightly, I am not scrambling to change my passwords on my accounts. Why?
- I’m finding out about this scam via Twitter.
- The people on Twitter are finding out via an “official email” from Twitter.com.
- On Twitter’s Status and News blogs and on Twitter’s own feed, there is no mention of this phishing scam whatsoever.
Seeing as email and social networks are exactly how phishers work, this gives me a moment’s pause. And it should do the same for you, too.
Before concerning yourself with changing passwords and falling prey to a malicious hacker, follow this simple checklist:
- Check your third party clients (TweetDeck, DestroyTwitter, etc.) and see how they are behaving. If they are connecting with Twitter, you are doing just fine.
- Check Twitter Status. This is one of two blogs that keep users in the know about what is happening on Twitter. This particular blog is more technically oriented, but reports outages and hostile actions such as DoS attacks.
- Check Twitter’s Blog. This is news and developments from Twitter’s home base, and usually developers will give commentary here on any hacker attacks, interface redesigns, or serious issues that Twitter is encountering at that time.
- Follow @Twitter’s feed. No, they might not answer a query, but with something as serious as this there may be some updates in their feed that can give you sound advice on how to fix a potential problem.
As of the posting of this column, there has been no solid confirmation from Twitter of this phishing attack. While many are tweeting and retweeting that something is up in the network, it does not necessarily mean that it is actually happening. Always check with Twitter before taking action. It may be a moment’s hesitation, but in that brief second you may be able to avoid unwanted stress and undue inconvenience.
Keep an eye on the Bird House for more as this develops.
UPDATE, 12:58pm EST: With special thanks to Lila Scot, another resource to check is @safety, Twitter’s Trust and Safety account. They did have a post about this at 11:26 am, several hours after Mashable, The Washington Post, et al. went live with their postings. However, there is still no mention of this being a phishing attack.
UPDATE, 3 February, 11:25am EST: I checked @safety this morning and saw that there was a posting in Twitter Status that mentions the importance of changing your password. While what they describe is a phishing attack, the situation from yesterday appears to be less of an attack and more of a preemptive strike from the Twitter Safety Team headed up by Del Harvey. Whatever the case may be, it appears that all is right in the Twitterverse and our status is at green. You are now free to tweet happily. Make it so.
As silly as it sounds, people should also be reminded that if they want to be careful and change their password anyway, go to Twitter to do it rather than follow an email link. Glad you’re back! Great post.
Have you heard anything about how this was related to the now suspended user @THXc? I was one of the people who somehow ended up following him without asking to.
He tweeted this on Monday: “Social Networks Are Becoming a Security Risk – http://bit.ly/9As7IN” and amassed over 50,000 followers who didn’t choose to follow him.
It feels like it was someone trying to prove Twitter wasn’t secure enough.
~Sharon