Sadly, no, this is not another drill. According to Twitter, some 250,000 user accounts were compromised by what it calls an “extremely sophisticated” attack, in the same class as those that hit the Wall Street Journal and the New York Times in recent weeks.
The blog post states an investigation into the incident revealed that “usernames, email addresses, session tokens and encrypted/salted versions of passwords” were obtained by the hackers. To be on the safe side, the sessions tokens have been revoked and users affected will be asked via email to change their passwords, though even if you don’t get an email, it might be wise to pick a new one anyway.
It goes on to provide advice on how to create a strong password and that it will be cooperating with law enforcement agencies to track down those responsible. “This attack was not the work of amateurs, and we do not believe it was an isolated incident,” it states in the final paragraph, “For that reason we felt that it was important to publicise this attack while we still gather information.”
[Twitter, via TechCrunch]