And for people trying to puzzle out who was impacted, several these accounts (all with random strings for passwords, btw) were barely ever used at all, often not for several years. The only thing they had in common was their early creation date, and hence relatively low user ids. My guess is that the hackers simply scanned user ids starting from 1 and worked their way up.
I'm seeing a ton of people I know on twitter complain - I'm user 5511, and these are people who joined at the very beginning too - so your theory is indeed apparently correct. I got an email myself, and reset my already super complex password.
I don't know what # user I am (how can I get this information?) but my twitter account was also created in 2007 (on the 8th of April says whendidyoujointwitter.com) and is still active. Also received the email.
That would explain the high incidence among hackers, who are more often early adopters. I've been surprised by how many people I've heard of getting the email, including people in this comment thread and myself, considering only 250,000 emails were sent out of their couple hundred million accounts.
Twitter employee, here. At one point in time, auto_increment_increment was > 1 on the MySQL master for uid generation. This led to many holes in the uid range.
I've been suspecting the same thing. Two of my accounts received the email, both created several years ago, while none of my newer accounts have been compromised.