Twitter said users whose security was compromised will be receiving an email with instructions to create a new password.
"Your old password will not work when you try to log in to Twitter," said Bob Lord, Twitter's director of security.
– Bob Lord, Twitter
We encourage all users to take this opportunity to ensure that they are following good password hygiene, on Twitter and elsewhere on the Internet.
Make sure you use a strong password – at least 10 (but more is better) characters and a mixture of upper- and lowercase letters, numbers, and symbols
Twitter also advised that users do not use the same password more than once across other services and accounts.
Twitter's director of information security, Bob Lord said the hacking attack on the social networking site "was not the work of amateurs".
This attack was not the work of amateurs, and we do not believe it was an isolated incident. The attackers were extremely sophisticated, and we believe other companies and organizations have also been recently similarly attacked. For that reason we felt that it was important to publicize this attack while we still gather information, and we are helping government and federal law enforcement in their effort to find and prosecute these attackers to make the Internet safer for all users.
In its statement to users, Twitter said that it reset the pilfered passwords which had been hacked and sent users emails advising them that they will have to create a new one.
Twitter noted a recent surge in security breaches at several U.S. media and technology companies.
The New York Times and The Wall Street Journal reported this week that their computer systems had been infiltrated by China-based hackers.
Twitter says hackers may have gained access to information on around 250,000 of its more than 200 million active users.
Twitter has issued a message to reassure its users after the social networking site detected "unusual access patterns" that led to "unauthorized access attempts to Twitter user data".
In a statement on Twitter's blog it said that its investigation had detected that attackers may have had access to usernames, email addresses and passwords for around 250,000 users.