Really Gone Phishing?
The Twitter' solution to re-take control over the user's own accounts is to reset the password. But what if the scammer has already changed the email address in the personal profile and he will get the reset link instead of the genuine owner? Isn't there any other method? I doubt scammers didn't think about this and first thing they did on the hacked account was to change the email address.
Any comments?