"We discovered one live attack and were able to shut it down in process moments later. However, our investigation has thus far indicated that the attackers may have had access to limited user information – usernames, email addresses, session tokens and encrypted/salted versions of passwords – for approximately 250,000 users."
Twitter has revoked tokens & forced password resets for impacted accounts, they also suggest disabling Java in browsers, and using at least a 10 character password.
All very good security advice.
I am actually impressed with information they provided in that post. Well done message for general audience.