Hackers compromise 250,000 Twitter accounts
(CNN) — Twitter is coming forward as the latest site to be hacked. The social network said in a blog post Friday afternoon that approximately 250,000 user accounts were compromised, with attackers gaining access to information including user names and email addresses.
The company first detected signs of an attack earlier in the week, which led to an investigation and the discovery of a larger breach.
“This week, we detected unusual access patterns that led to us identifying unauthorized access attempts to Twitter user data. We discovered one live attack and were able to shut it down in process moments later,” said Bob Lord, Twitter’s director of information security, in a post.
Twitter has reset the passwords and revoked session tokens, which allow you to stay logged into the service without reentering a password, for all of these accounts. Affected users will not be able to log in and will receive an e-mail instructing them to reset their password.
This attack follows major security breaches at the New York Times and the Wall Street Journal, which were both attributed to Chinese hackers. The New York Times suspects it was in response to negative coverage of the Chinese Prime Minister Wen Jiabao, and the Journal said evidence pointed to an attempt to “target the monitoring of the Journal’s coverage of China.” While the Twitter post does not mention China or blame the hacks on any specific country or group, it does mention the newspaper hacks.
“This attack was not the work of amateurs, and we do not believe it was an isolated incident. The attackers were extremely sophisticated, and we believe other companies and organizations have also been recently similarly attacked,” said Lord.
A quarter-million accounts is a small segment of Twitter’s 200 million monthly active users worldwide. However the company offers tips for all of its users going forward, including using strong passwords that mix numbers and symbols with upper- and lowercase letters, not using the same password for multiple accounts, and disabling Java in all browsers.