From the Beeb:
Security experts have, however, raised concern that BA initially sent out emails asking users to click on a link to reset their passwords.
"That's a classic trick used by criminals phishing for login credentials," noted security consultant Graham Cluley.
BA said it had removed the link from subsequent emails and suggested concerned members contact its service centre.
They should apologise for employing idiots.
If you are a 'concerned member' browse to BA's Executive Club page (I won't post a link here) log-on and change your password.