The company came forward and confirmed the attack in a Twitter thread, writing that it was “aware of an issue in which some member accounts were accessed and/or charged without their authorization.”