The hacker group known as "LulzSec Reborn" claimed to have hacked into the TweetGif website (tweetgif.com) and compromised the database. TweetGif is a thirt-party twitter app that lets users share animated GIFs.
After the security breach, the hackers dumped a part of database that containing the credentials for more than 10,000 Twitter accounts. The dump contains access tokens and the associated access token secrets which can be used to access users' Twitter accounts.
The leak also contains users names, locations, bio information, links to avatars, and the date of the last update.
The tokens remain valid even when the account password is changed. If you used the app, all you need to do is head into Twitter's settings and revoke access to the app—no massive password changes required.