Attackers may have gained access to 250,000 accounts on Twitter, the microblogging site said. It's time to change your password…again. The site's security team identified multiple access attempts by unauthorized individuals to access user data this week, the Bob Lord, director of information security, wrote on the Twitter blog on Friday afternoon. The company also uncovered "one live attack" and shut it down while it was still in progress moments later, Lord said.

Further investigation revealed that attackers were able to access a subset of user data, including usernames, email addresses, session tokens, and encrypted/salted passwords, belonging to approximately 250,000 users, Twitter admitted in the post. Lord did not provide any additional information about the security breach, nor did he say whether any of the exposed accounts had been illegally accessed.

"As a precautionary security measure, we have reset passwords and revoked session tokens for these accounts," Lord wrote. Paul Ducklin over at Sophos explains what attackers can do with stolen session token on the NakedSecurity blog.

Whodunnit? Who Knows?
Lord did not speculate as to who may have been behind the attacks.

"This attack was not the work of amateurs, and we do not believe it was an isolated incident. The attackers were extremely sophisticated, and we believe other companies and organizations have also been recently similarly attacked," Lord wrote.