This afternoon Twitter confirmed that some of their user data fell victim to an attack by hackers — although they were able to quickly shut down a breach, the company admitted that “limited user information” may have been accessed.
“This week, we detected unusual access patterns that led to us identifying unauthorized access attempts to Twitter user data. We discovered one live attack and were able to shut it down in process moments later,” Twitter's Director of Information Security wrote on their blog.
Further investigation into the system breach revealed the kind of awful news nobody ever wants to hear — “attackers may have had access to limited user information including usernames, email addresses, session tokens and encrypted/salted versions of passwords — for approximately 250,000 users.”
The iconic social network went on to tell users whose data may have been compromised that they would receive emails prompting them to reset their account passwords.
“If your account was one of them, you will have recently received (or will shortly) an email from us at the address associated with your Twitter account notifying you that you will need to create a new password. Your old password will not work when you try to log in to Twitter.”
The post went on to urge everyone to follow “good password hygiene, on Twitter and elsewhere on the Internet”, an admonishment that sounded like a public service announcement advising caution against STDs.
The recommended safety measures included disabling Java in all browsers unless it is absolutely necessary, because of vulnerabilities in multiple versions of Java 7—an advisory that Twitter echoed from the U.S. Department of Homeland Security after Chinese hackers breached both The New York Times and The Wall Street Journal in the past two weeks.
“This attack was not the work of amateurs, and we do not believe it was an isolated incident,” the company wrote. “The attackers were extremely sophisticated, and we believe other companies and organizations have also been recently similarly attacked. For that reason we felt that it was important to publicize this attack while we still gather information.”
Slate has posted detailed instructions on how to disable the Java plugin in your browser.
via Twitter Blog