What exactly happens when the imposter goes to authenticate themselves on a site that you've already authorized using OAuth? As pzupan says above, twitter could at least say when the last authorization happened. They could also keep a count of authorizations for each site, so if you know you've only been through the process once on each, you'd be able to see immediately which one has been compromised.