Twitter says hacking attack may have affected 250K users
2nd Feb 2013 | 01:13
Who's behind the breach?
Twitter is the latest entity to undergo a security breach in the last few days, following large-scale attacks on the New York Times and Wall Street Journal.
"This week, we detected unusual access patterns that led to us identifying unauthorized access attempts to Twitter user data," wrote Bob Lord, director of information security, in a blog post. In all, 250,000 user accounts may have been affected by hackers.
Lord recounted how the company actually intercepted an attack as it was happening, shutting it down "in process" within moments.
"Our investigation has thus far indicated that the attackers may have had access to limited user information - usernames, email addresses, session tokens and encrypted/salted versions of passwords...," Lord continued.
As a preventative measure, Twitter reset the passwords and revoked session tokens for potentially impacted accounts. Users whose accounts were compromised should receive an email alert from the company shortly if they have not received one already.
These users will need to change their passwords - "Your old password will not work when you try to log in to Twitter."
Twitter does not think that the breach was the work of amateurs.
"[We] do not believe it was an isolated incident," Lord wrote. "The attackers were extremely sophisticated, and we believe other companies and organizations were similarly attacked.
"For that reason we felt that it was important to publicize this attack while we still gather information, and we are helping government and federal law enforcement in their effort to find and prosecute these attackers to make the internet safer for all users."
According to data released this week by GlobalWebIndex, Twitter reached 485 million members in 2012.
In addition to the Times and Journal attacks, Lord also noted that Apple and Mozilla turned off Java by default in their browsers following security concerns.
Lord also warned against Java in his post.
"We also echo the advisory from the U.S. Department of Homeland Security and security experts to encourage users to disable Java on their computers," he wrote.
A Twitter spokesperson would not disclose whether the attacks were isolated to the U.S. or had impacted other regions, citing security and privacy reasons.
While Twitter is taking action, Lord recommended users follow "good password hygiene" on Twitter and elsewhere, advice that may be well worth taking.