The site’s security team identified multiple access attempts by unauthorized individuals to access user data this week, the Bob Lord, director of information security, wrote on the Twitter blog on Friday afternoon. The company also uncovered “one live attack” and shut it down while it was still in progress moments later, Lord said.
Further investigation revealed that attackers were able to access a subset of user data, including usernames, email addresses, session tokens, and encrypted/salted passwords, belonging to approximately 250,000 users, Twitter admitted in the post. Lord did not provide any additional information about the security breach, nor did he say whether any of the exposed accounts had been illegally accessed.
“As a precautionary security measure, we have reset passwords and revoked session tokens for these accounts,” Lord wrote.