At Twitter, we have a system that issues a login challenge when a suspicious login is detected on Twitter. The user gets prompted with a simple question about their account to verify the attempt is legitimate before granting access. On April 30, we are going to begin implementing this same system across third parties in order to further prevent account compromise.
This change affects third parties that use xAuth (If you are using 3-legged OAuth or Fabric you will not be affected). Once we implement the change, when a suspicious login is detected from your site or app that uses xAuth to authenticate, the user will not be able to log in and will receive an email from Twitter with a temporary passcode, which they will need to enter in order to log in to continue using your service. API error code 329 is what you’ll see when a suspicious login is detected from one of your users.