Many (many) Twitter accounts have been hacked
Today, hundreds (more?) Twitter accounts posted a Tweet along the lines of:
We don't currently know how, who, or when Twitter will have the situation remedied. But in the meantime, here are some actions you can take.
1. No Judgement
Two-factor authentication is absolutely something you should use. You should have it enabled on any account you can. However, your two-factor authentication would not have stopped this particular hack. Protect yourself when and how you can. When you can't protect yourself, take steps to remediate the issue.
2. Don't send money to the scammers.
No further instructions necessary.
3. Revoke permissions for apps connected to your Twitter account.
Go to this page: https://twitter.com/settings/applications
Click on each of the apps that are listed. Click to revoke permissions.
Do this even if you really like using those apps. Revoke all permissions until Twitter resolves this.
4. Log out of all sessions.
While you're in the settings of your Twitter account, you should also log out of all other sessions.
This will log out all other places where you're currently signed in to Twitter - your phone, your computer, your tablet, etc. If you're sharing a Twitter account with other folks, it will love them out as well.
Do this now, even though it will disrupt your workflow. You can re-set it up once Twitter has this fixed.
5. Make sure you're not mistakenly a part of any Twitter "Team".
Go to this page: https://help.twitter.com/en/using-twitter/tweetdeck-teams
Read it, follow the directions for "Removing yourself from a team."
6. Reset your Twitter password. Enroll in 2fa.
Go to this page: https://twitter.com/settings/security
Follow the instructions.
If you can use an app to generate your second factor, do that. Use SMS second factor as a last resort. Really not recommended. But it is better than nothing.