Twitter announced some concerning news on their blog yesterday evening, revealing that their site may have been hacked, and that 250,000 Twitter accounts may be at risk. They’ve also sent an email out to many users who they believe may be affected, advising them to change their passwords.
“This week, we detected unusual access patterns that led to us identifying unauthorized access attempts to Twitter user data. We discovered one live attack and were able to shut it down in process moments later. However, our investigation has thus far indicated that the attackers may have had access to limited user information – usernames, email addresses, session tokens and encrypted/salted versions of passwords – for approximately 250,000 users.
“As a precautionary security measure, we have reset passwords and revoked session tokens for these accounts. If your account was one of them, you will have recently received (or will shortly) an email from us at the address associated with your Twitter account notifying you that you will need to create a new password. Your old password will not work when you try to log in to Twitter.”
The news follows reports from earlier this week regarding hacking attempts and outages targeted at Amazon, Bank of America, The New York Times, The Wall Street Journal, and others. Twitter Information Security Director Bob Lord did not specify who may have been behind the attack – but he did have a few things to say about the hackers, whoever they might be:
“This attack was not the work of amateurs, and we do not believe it was an isolated incident. The attackers were extremely sophisticated, and we believe other companies and organizations have also been recently similarly attacked. For that reason we felt that it was important to publicize this attack while we still gather information, and we are helping government and federal law enforcement in their effort to find and prosecute these attackers to make the Internet safer for all users.”
Twitter also advises anyone who may be concerned about their account to change their password – especially if you aren’t using a secure password in the first place. The report also encourages users to disable Java in their browsers, as there have been a number of recent Java-related security concerns that can contribute to your information being hacked or stolen. If you’re not sure how to disable Java, check out our tutorial.
As far as secure passwords go, I highly recommend using 1Password for Mac (direct link) and iOS (direct link) to generate random secure passwords (which it will also remember for you so you don’t forget!).