Twitter is coming forward as the latest site to be hacked. The social network said in a blog post Friday afternoon
that approximately 250,000 user accounts were potentially compromised,
with attackers gaining access to information including user names and
email addresses.
The company first
detected signs of an attack earlier in the week, which led to an
investigation and the discovery of a larger breach.
"This week, we detected
unusual access patterns that led to us identifying unauthorized access
attempts to Twitter user data. We discovered one live attack and were
able to shut it down in process moments later," said Bob Lord,
Twitter's director of information security, in a post. "However, our
investigation has thus far indicated that the attackers may have had
access to limited user information."
Twitter has reset the
passwords and revoked session tokens, which allow you to stay logged
into the service without reentering a password, for all of these
accounts. Affected users will not be able to log in and will receive an
e-mail instructing them to reset their password. The post doesn't go
into details about the methods the attackers used, but does refer to a
recent Java vulnerability. The Department of Homeland Security recently
warned users about the issue and suggested they disable Java in their
browsers unless "it is absolutely necessary."
This attack follows major security breaches at the New York Times and the Wall Street Journal,
which were both attributed to Chinese hackers. The New York Times
suspects it was in response to negative coverage of the Chinese Prime
Minister Wen Jiabao, and the Journal said evidence pointed to an
attempt to "target the monitoring of the Journal's coverage of China."
The Washington Post announced late Friday
that it too had experienced attacks that fit the profile in 2011, and
Bloomberg News acknowledged that it was targeted but said no computers were compromised.
While the Twitter post
does not mention China or blame the hacks on any specific country or
group, it does mention the news organization hacks.
"This attack was not the
work of amateurs, and we do not believe it was an isolated incident.
The attackers were extremely sophisticated, and we believe other
companies and organizations have also been recently similarly
attacked," said Lord.
A quarter-million
accounts is a small segment of Twitter's 200 million monthly active
users worldwide. However the company offers tips for all of its users
going forward, including using strong passwords that mix numbers and
symbols with upper- and lowercase letters, not using the same password
for multiple accounts, and disabling Java.
No comments:
Post a Comment