INFORMATION BELONGING TO 250,000 Twitter users may have been accessed by hackers this week, the micro-blogging site revealed today.
In a blog post, the company said it detected “unusual access patterns” created by unauthorised attempts to get to user data.
“We discovered one live attack and were able to shut it down moments later,” explained Bob Lord, Director of Information Security.
However, the investigation indicated that the attackers may have had access to limited user information, including usernames, email addresses, session tokens and encrypted versions of passwords.
As a precautionary measure, passwords have been reset for the 250,000 affected accounts. Those impacted by the attack have been sent an email to inform them their old passwords will no longer work.
Twitter believes the attack was “not the work of amateurs” nor an isolated incident.
“The attackers were extremely sophisticated, and we believe other companies and organisations have also been recently similarly attacked.
“For that reason we felt that it was important to publicise this attack while we still gather information, and we are helping government and federal law enforcement in their effort to find and prosecute these attackers to make the Internet safer for all users.”
The company advised its users:
Though only a very small percentage of our users were potentially affected by this attack, we encourage all users to take this opportunity to ensure that they are following good password hygiene, on Twitter and elsewhere on the Internet. Make sure you use a strong password – at least 10 (but more is better) characters and a mixture of upper- and lowercase letters, numbers, and symbols – that you are not using for any other accounts or sites. Using the same password for multiple online accounts significantly increases your odds of being compromised. If you are not using good password hygiene, take a moment now to change your Twitter passwords. For more information about making your Twitter and other Internet accounts more secure, read our Help Center documentation or the FTC’s guide on passwords.
The US Department of Homeland Security has also encouraged users to disable Java in their browsers, following a number of system breaches in recent weeks.