A Twitter investigation poured cold water on the claims, suggesting that up to 20,000 were duplicates and that many were spam accounts which had already been suspended by Twitter.
It does appear though that a proportion of the accounts were legitimate, and Twitter has advised concerned users to change their passwords. It's not yet known how the accounts were compromised; one possible method is that details of legitimate accounts were phished from users using fake Twitter pages.
What to do
Twitter have sent out password resets to accounts affected by this incident, so if you haven't had an email you should be unaffected. However, if you are concerned that your Twitter details may have been compromised or you've noticed strange activity on your account, you should visit the official Twitter website as soon as possible, log in, and change your password. If you use that password on other websites, you should change the password on those too.
If you are unable to log into your Twitter account you should visit Twitter's compromised accounts page for assistance.