Twitter reports recent attack that may have compromised 250,000 user accounts
The attack is the latest against large sites, including the New York Times and Wall Street Journal
Affected users will receive an e-mail instructing them to reset their passwords
Twitter recommends all users have strong passwords and disable Java in their browsers
Twitter is coming forward as the latest site to be hacked. The social network said in a blog post Friday afternoon that approximately 250,000 user accounts were potentially compromised, with attackers gaining access to information including user names and email addresses.
The company first detected signs of an attack earlier in the week, which led to an investigation and the discovery of a larger breach.
“This week, we detected unusual access patterns that led to us identifying unauthorized access attempts to Twitter user data. We discovered one live attack and were able to shut it down in process moments later,” said Bob Lord, Twitter’s director of information security, in a post. “However, our investigation has thus far indicated that the attackers may have had access to limited user information.”
Twitter has reset the passwords and revoked session tokens, which allow you to stay logged into the service without reentering a password, for all of these accounts. Affected users will not be able to log in and will receive an e-mail instructing them to reset their password. The post doesn’t go into details about the methods the attackers used, but does refer to a recent Java vulnerability. The Department of Homeland Security recently warned users about the issue and suggested they disable Java in their browsers unless “it is absolutely necessary.”
This attack follows major security breaches at the New York Times and the Wall Street Journal, which were both attributed to Chinese hackers. The New York Times suspects the attack was in response to negative coverage of Chinese Prime Minister Wen Jiabao, and the Journal said evidence pointed to an attempt to “target the monitoring of the Journal’s coverage of China.”
The Washington Post announced late Friday that in 2011 it too had experienced attacks that fit the profile, and Bloomberg News acknowledged that it was targeted but said no computers were compromised.
While the Twitter post does not mention China or blame the hacks on any specific country or group, it does mention the news organization hacks.
“This attack was not the work of amateurs, and we do not believe it was an isolated incident. The attackers were extremely sophisticated, and we believe other companies and organizations have also been recently similarly attacked,” said Lord.
A quarter-million accounts is a small segment of Twitter’s 200 million monthly active users worldwide. However, the company offers tips for all of its users going forward, including using strong passwords that mix numbers and symbols with upper- and lowercase letters, not using the same password for multiple accounts, and disabling Java.