Twitter has announced that this week it was the target of an attempt by a hacker to gain unauthorized access to its users’ data. In a blog post, it says that approximately 250,000 users may have been compromised as a result, with limited user information accessed, including usernames, email addresses, session tokens, and encrypted/salted versions of passwords.
The attack on Twitter comes at a time when media companies such as the Wall Street Journal and the New York Times have also been affected, with some accusing the Chinese government of being behind it. With regard to Twitter, no evidence has yet been found linking the cyberattack to China, but the social network has said that it discovered one live attack and shut it down in process moments later.
Although it believes that only a “very small percentage” of its users were “potentially affected”, Twitter is encouraging everyone to ensure that passwords are secure, or to follow “good password hygiene”, wherever they need to use login credentials. Please don’t use common ones.
To that end, Twitter has reset passwords and revoked session tokens for those accounts it believes were affected. If you received an email from Twitter at the address assigned to your account, it might be a sign that your account could have been compromised and that you will need to create a new password. Twitter says old passwords will not work anymore.
According to Bob Lord, Twitter’s Director of Information Security:
This attack was not the work of amateurs, and we do not believe it was an isolated incident. The attackers were extremely sophisticated, and we believe other companies and organizations have also been recently similarly attacked. For that reason we felt that it was important to publicize this attack while we still gather information, and we are helping government and federal law enforcement in their effort to find and prosecute these attackers to make the Internet safer for all users.
This isn’t the first time Twitter has faced an attack by hackers. Last May, the company had approximately 55,000 accounts compromised with accounts belonging to celebrities attacked in the process. In November, Twitter again sent emails to some users warning them that their accounts may have been compromised because of another hack.
Twitter has warned users to pay attention to an advisory by the US Department of Homeland Security that encourages users to disable Java on their computers.
If you’ve been following TNW’s coverage about Java, you’ll know that just today, Oracle announced the release of Java 7 Update 13 to address 50 vulnerabilities. It seems that every time an update is released, more vulnerabilities with Java are found. This time, Oracle was notified of “active exploitation in the wild of one of the vulnerabilities affecting the Java Runtime Environment (JRE) in desktop browsers.”
Here is the email that Twitter is sending out to those it believes were affected by the hacking:
If you don’t know if your account was affected and you wish to change your password, you can update it here.