The company said it has been targeted by hackers this week who may have made off with user names and passwords Twitter’s servers have been breached by “extremely sophisticated” hackers who may have made off with user names and passwords for about 250,000 users, the company said Friday. Twitter said unusual access patterns led it to identify the attacks, which took place during the past week.“We discovered one live attack and were able to shut it down in process moments later. However, our investigation has thus far indicated that the attackers may have had access to limited user information — usernames, email addresses, session tokens and encrypted/salted versions of passwords — for approximately 250,000 users,” Twitter Director of Information Security Bob Lord said in a blog post.Twitter reset the passwords and revoked session tokens for the accounts, and said it was emailing the affected users Friday and telling them to reset their passwords. “This attack was not the work of amateurs, and we do not believe it was an isolated incident,” the company said in its post.It noted that The New York Times and The Wall Street Journal also said they’d been targeted by hackers this week. Those companies said the attacks originated in China, but Twitter did not point to a country of origin. Twitter said it thinks other companies and organizations have recently been similarly attacked.It urged all its users to ensure they are using strong passwords on Twitter and elsewhere on the Internet. Passwords should be at least 10 characters and use a mix of upper- and lowercase letters, as well as numbers and symbols, the site said.“Using the same password for multiple online accounts significantly increases your odds of being compromised,” Twitter said. “If you are not using good password hygiene, take a moment now to change your Twitter passwords.”The company said it was still gathering information about the attacks and is working with federal law enforcement agencies to prosecute the attackers.James Niccolai covers data centers and general technology news for IDG News Service. Follow James on Twitter at @jniccolai. James’s e-mail address is james_niccolai@idg.com Related content news analysis DHS unveils one common platform for reporting cyber incidents Ahead of CISA cyber incident reporting regulations, DHS issued a report on harmonizing 52 cyber incident reporting requirements, presenting a model common reporting platform that could encompass them all. By Cynthia Brumfield Sep 25, 2023 10 mins Regulation Regulation Regulation news Chinese state actors behind espionage attacks on Southeast Asian government The distinct groups of activities formed three different clusters, each attributed to a specific APT group. By Shweta Sharma Sep 25, 2023 4 mins Advanced Persistent Threats Cyberattacks feature How to pick the best endpoint detection and response solution EDR software has emerged as one of the preeminent tools in the CISO’s arsenal. Here’s what to look for and what to avoid when choosing EDR software. By Linda Rosencrance Sep 25, 2023 10 mins Intrusion Detection Software Security Monitoring Software Data and Information Security feature Top cybersecurity M&A deals for 2023 Fears of recession, rising interest rates, mass tech layoffs, and conservative spending trends are likely to make dealmakers cautious, but an ever-increasing need to defend against bigger and faster attacks will likely keep M&A activity steady in By CSO Staff Sep 22, 2023 24 mins Mergers and Acquisitions Data and Information Security IT Leadership Podcasts Videos Resources Events SUBSCRIBE TO OUR NEWSLETTER From our editors straight to your inbox Get started by entering your email address below. Please enter a valid email address Subscribe