Twitter on Friday disclosed that an attack against the social network may have exposed usernames, email addresses, session tokens and encrypted/salted versions of passwords of approximately 250,000 users.
Twitter added that it discovered the live attack and was able to shut it down moments later, while it was still in progress. However, as a precautionary security measure, Twitter's engineers have reset passwords and revoked session tokens for these accounts. If your account was one of them, you will have recently received an email from Twitter at the address associated with your Twitter account notifying you that you will need to create a new password.
Twitter encouraged all users to ensure that they are following good password hygiene by choosing strong passwords (at least 10 characters and a mixture of upper- and lowercase letters, numbers, and symbols).
Twitter also echoed the advisory from the U.S. Department of Homeland Security and security experts to encourage users to disable Java in the browsers on their computers.
Twitter added that the attackers were "extremely sophisticated."
The attack against Twitter follows a recent uptick in large-scale security attacks aimed at U.S. technology and media companies. Within the last two weeks, the New York Times and Wall Street Journal have chronicled breaches of their systems, and Apple and Mozilla have turned off Java by default in their browsers. On Friday, The Washington Post also disclosed that it was the target of a cyberattack, which was discovered in 2011.
The string of cyberattacks is probably linked to the secretive Beijing government, according to analysts.