Twitter Attack! 250,000 Hit, “Sophisticated” Hack
The social network, which has just under 0.5 billion users, said it discovered one live attack and shut it down, but confirmed “the attackers may have had access to limited user information – usernames, email addresses, session tokens and encrypted/salted versions of passwords – for approximately 250,000 users.”
“We do not believe it was an isolated incident. The attackers were extremely sophisticated, and we believe other companies and organizations have also been recently similarly attacked,” Twitter’s Bob Lord (@boblord), Director of Information Security, said Friday on a blog.
The No. 2 biggest social network detected unusual access patterns that led to identifying “unauthorized access attempts” to Twitter user data.
Although it is not known who is behind the massive attack, it is being linked to recent attacks on The New York Times and Wall Street Journal. Some believe Chinese hackers linked to the government are behind the attacks on US media organisations.
Twitter says it has reset passwords and revoked session tokens for the affected accounts.
If your account was one of them, you should shortly receive an email from Twitter notifying you of the need to create a new password. Your old password will not work when you try to log in to Twitter.
So what could the hackers do with the stolen data?
“The hackers could spam the email addresses, pretending to be Twitter and maybe trick you into clicking on a link or opening an attachment. In this way they might steal further information from you,” says Graham Cluley, Naked Security.
The naughty cyber crims could also dupe the user in other ways by pretending to be someone else, or hijack your Twitter account using the stolen session token, the security guru warns.
“Though only a very small percentage of our users were potentially affected, we encourage all users to take this opportunity to ensure that they are following good password hygiene, on Twitter and elsewhere on the Internet,” says Twitter’s security boss.
“Make sure you use a strong password – at least 10 (but more is better) characters and a mixture of upper- and lowercase letters, numbers, and symbols – that you are not using for any other accounts or sites.” Use of non-dictionary words is also widely advised.
Twitter is encouraging users to disable Java on their PC, due to the high incidence of web-based attacks exploiting security holes in Java.
This is not the first attack on Twitter: 55,000 accounts were believed to have been exposed last year, in an incident thought to be the work of Anonymous.