The hackers then used their access to the celebrity sites to inject prank posts. CNN's Rick Sanchez's account reads, "I'm high on crack right now and might not be coming to work today." Meanwhile, attackers infiltrated Britney Spears' account to inject sexually explicit comments.

In addition, attackers gained access to numerous accounts through a widespread phishing attack launched over the weekend. The hackers infiltrated the accounts by impersonating an e-mail message that looks as though it's coming from someone the user knows. The message contains a link that redirects users to a fake Web site, twitter.login-access.com, where they are instructed to submit passwords and login information that looks as if it came from the Twitter site. In reality, the phony Web site originates from China and contains malware, experts say.

Twitter posted a security advisory on its site Monday, warning users of the phishing attack. "If you receive a direct message or a direct message e-mail notification that redirects to what looks like Twitter.com—don't sign in. Look closely at the URL because it could be a scam," the advisory warns.

The attack was first detected by blogger Chris Pirillo, who warned users of the attack after falling for the scam. Security experts say that since the phishing attack was launched over the weekend, they have seen it develop into a full-scale malware attack, infecting numerous users who have visited the fake Twitter site.

"We've seen them go after very high-profile celebrities," said Marian Merritt, Internet safety advocate for Symantec Inc. "I think we're seeing it move from the theoretical to very traditional types of attacks."

According to Twitter, however, the celebrity hacks and the phishing attacks aimed at Twitter users were not related.

Security researchers and bloggers alike advised Twitter users to avoid clicking on unfamiliar links, and immediately change their login credentials if they think they fell victim to the phishing attack. "DO NOT VISIT the URL in question," Pirillo writes. "It will redirect you immediately to a suspicious domain: twitter.access-logins.com—notice the subdomain?" But even after the attack subsides, security experts say that users can expect to see more attacks launched on sites like Twitter, as well as more sophisticated attacks on other social media such as Facebook.