When Mashable.com cites your website, you know you’re doing something right. Andrew Girdwood must be thinking that as a lot of people are following his lead when Mashable’s Stan Schroeder reported early this morning:

Numerous Twitter users are pointing out that Twitter forced them to change their passwords out of the blue. According to blogger Andrew Girdwood, these users have received an e-mail containing the following message: “Due to concern that your account may have been compromised in a phishing attack that took place off-Twitter, your password was reset,” together with a link for resetting the password.

Although the e-mail itself looks like a phishing attack, it’s genuine; it seems that admins at Twitter have discovered something fishy is going on, and they’re trying to prevent further damage before it happens.

I’ve been reading up on this all morning (with postings from TechCrunch and The Washington Post as examples); and while this situation shouldn’t be taken lightly, I am not scrambling to change my passwords on my accounts. Why?

1. I’m finding out about this scam via Twitter.
2. The people on Twitter are finding out via an “official email” from Twitter.com.
3. On Twitter’s Status and News blogs and on Twitter’s own feed, there is no mention of this phishing scam whatsoever.