What I don't get here is that Twitter told _you_ that they believed your account had been compromised. I may be well off here, but doesn't this that they probably had a pretty good idea _how_ it had been compromised - when and through what service. If this is the case, then they owe it to you to pass that nugget of information along, and perhaps even revoke (or suspend?) the token for the suspect service. They didn't give you an idea of what triggered this alert?