Twitter Confirms up to 250,000 Users Compromised in Hacking Attack

Twitter Confirms up to 250,000 Users Compromised in Hacking Attack

by -
0

Twitter has confirmed that up to  a quarter of a million user accounts may have been subject following a security  breach by “sophisticated” hackers.

In a post made to Twitter’s official blog on Friday, the social networking firm explained the  steps it would be taking to safeguard users following an incident in which it  shut down a live attack on the company’s servers.

twitter-bird

“This week, we detected unusual access patterns that led to us identifying  unauthorized access attempts to Twitter user data,” said Bob Lord, Twitter’s  director of information security. “We discovered one live attack and were able  to shut it down in process moments later.

“However, our investigation  has thus far indicated that the attackers may have had access to limited user  information – usernames, email addresses, session tokens and encrypted/salted  versions of passwords – for approximately 250,000 users.

Twitter users  whose accounts may have been compromised will automatically be logged out and  receive notification that they need to create a new password.

“As a precautionary security measure, we have reset passwords and revoked  session tokens for these accounts,” Lord continued. “If your account was one of  them, you will have recently received (or will shortly) an email from us at the  address associated with your Twitter account notifying you that you will need to  create a new password.

“Your old password will not work when you try to  log in to Twitter.”

Lord encouraged Twitter users to follow “good  password hygiene” – both on the site and across the internet, and encouraged  users who did not have strong passwords to reset their  information.

Citing similar attacks on the New York Times and Wall Street Journal, he also suggested that users should follow US  Department of Homeland Security advice and disable Java on their  computers.

“This attack was not the work of amateurs, and we do not  believe it was an isolated incident. The attackers were extremely sophisticated,  and we believe other companies and organizations have also been recently  similarly attacked,” Lord added.

“For that reason we felt that it was  important to publicise this attack while we still gather information, and we are  helping government and federal law enforcement in their effort to find and  prosecute these attackers to make the Internet safer for all users.”