Twitter hacked - up to 250,000 accounts compromised
Twitter blogged yesterday that an attack took place over 'just a few moments' before it was noticed by Twitter staff and shut it down. Unfortunately, during the time that the attack took place, approximately 250,000 users had their account data compromised. This included usernames, email addresses, session tokens and encrypted versions of their passwords.
Twitter have identified the 250,000 users and subsequently reset their passwords, sending an email to the users asking them to reset their password.
Although not quite spelling it out, Twitter seem to be leaning towards saying that they are part of the 'collateral damage' which may be to do with the recent spate of exploits and also potentially by 'Anonymous' hacktivist group, which have launched an offensive on the US Government. They also echo the U.S. Government's Homeland security department by saying you should disable Java.
Twitter had this to say about the recent security problem trend:
"As you may have read, there’s been a recent uptick in large-scale security attacks aimed at U.S. technology and media companies. Within the last two weeks, the New York Times and Wall Street Journal have chronicled breaches of their systems, and Apple and Mozilla have turned off Java by default in their browsers."
Twitter haven't confirmed yet if they've actually plugged the hole that led to the exploit in the first place, but I'm sure that Twitters Director of Information Security, Bob Lord and his team will be busy at work making sure that this is not repeated any time soon.
"This week, we detected unusual access patterns that led to us identifying unauthorized access attempts to Twitter user data. We discovered one live attack and were able to shut it down in process moments later. However, our investigation has thus far indicated that the attackers may have had access to limited user information – usernames, email addresses, session tokens and encrypted/salted versions of passwords – for approximately 250,000 users."
/ twitter hacked /