Staff at the social media site detected "unusual access patterns that led to us identifying unauthorized access attempts to Twitter user data," according to a statement posted on Twitter's website on Friday afternoon.
"We discovered one live attack and were able to shut it down in process moments later," wrote Twitter's director of security, Bob Lord.
"However, our investigation has thus far indicated that the attackers may have had access to limited user information – user names, email addresses, session tokens and encrypted/salted versions of passwords – for approximately 250,000 users."
As a precautionary measure, the website reset the passwords of the affected accounts, and sent emails to those affected advising them of the changes.
The website linked the attack to an increase in large-scale cyber attacks on several large U.S. technology and media companies.
"Within the last two weeks, the New York Times and Wall Street Journal have chronicled breaches of their systems, and Apple and Mozilla have turned off Java by default in their browsers," said the statement.
"This attack was not the work of amateurs, and we do not believe it was an isolated incident. The attackers were extremely sophisticated."
Twitter staff advise everyone to disable Java in their browsers and make sure they are using unique passwords for different websites, each made from a combination of symbols, numbers and upper and lower case letters.