Twitter said today that it detected "unusual access patterns" on its network this week, which indicated that attackers might have accessed the data of approximately 250,000 users.
The micro-blogging site said that it discovered "one live attack and [was] able to shut it down in process moments later." But it's likely that the hackers still gained access to things like usernames, email addresses, session tokens and encrypted/salted versions of passwords.
As a result, Twitter has reset the passwords and revoked session tokens for the affected accounts. Those involved will receive an email from Twitter notifying them that they will have to reset their password. "Your old password will not work when you try to log in to Twitter," Twitter said in a blog post.
"This attack was not the work of amateurs, and we do not believe it was an isolated incident," Twitter said. "The attackers were extremely sophisticated, and we believe other companies and organizations have also been recently similarly attacked. For that reason we felt that it was important to publicize this attack while we still gather information, and we are helping government and federal law enforcement in their effort to find and prosecute these attackers to make the Internet safer for all users."
Even if your account was not affected, Twitter urged members to use this experience to make sure they are "following good password hygiene, on Twitter and elsewhere on the Internet."
That includes having a password that's at least 10 characters long with a mixture of upper- and lower-case letters, numbers, and symbols, and not reusing that password across a number of sites.
"If you are not using good password hygiene, take a moment now to change your Twitter passwords," Twitter said.