Twitter hacked; 250000 accounts affected

CNN (blog)

- ‎47 minutes ago‎

Twitter is coming forward as the latest site to be hacked. The social network said in a blog post Friday afternoon that approximately 250,000 user accounts were potentially compromised, with attackers gaining access to information including user names and ...

Twitter hacked; 250000 users must reset their passwordsPCWorld (blog)

Twitter says hackers compromise 250KABC Action News

Highly Cited:Twitter Hacked: Data for 250000 Users May Be StolenNew York Times (blog)

In Depth:Twitter Sends Out Emails To 250K Users Who 'May' Have Been Compromised ...TechCrunch

February 1st, 2013

11:04 PM ET

Twitter hacked; 250,000 accounts affected

By Heather Kelly, CNN

updated 10:59 PM EST, Fri February 1, 2013 | Filed under: Social Media

STORY HIGHLIGHTS

Twitter reports recent attack that may have compromised 250,000 user accounts
The attack is the latest against large sites, including the New York Times and Wall Street Journal
Affected users will receive an e-mail instructing them to reset their passwords
Twitter recommends all users have strong passwords and disable Java in their browsers

(CNN) -- Twitter is coming forward as the latest site to be hacked. The social network said in a blog post Friday afternoon that approximately 250,000 user accounts were potentially compromised, with attackers gaining access to information including user names and email addresses.

The company first detected signs of an attack earlier in the week, which led to an investigation and the discovery of a larger breach.

"This week, we detected unusual access patterns that led to us identifying unauthorized access attempts to Twitter user data. We discovered one live attack and were able to shut it down in process moments later," said Bob Lord, Twitter's director of information security, in a post. "However, our investigation has thus far indicated that the attackers may have had access to limited user information."

Twitter has reset the passwords and revoked session tokens, which allow you to stay logged into the service without reentering a password, for all of these accounts. Affected users will not be able to log in and will receive an e-mail instructing them to reset their password. The post doesn't go into details about the methods the attackers used, but does refer to a recent Java vulnerability. The Department of Homeland Security recently warned users about the issue and suggested they disable Java in their browsers unless "it is absolutely necessary."

This attack follows major security breaches at the New York Times and the Wall Street Journal, which were both attributed to Chinese hackers. The New York Times suspects it was in response to negative coverage of the Chinese Prime Minister Wen Jiabao, and the Journal said evidence pointed to an attempt to "target the monitoring of the Journal's coverage of China."

The Washington Post announced late Friday that it too had experienced attacks that fit the profile in 2011, and Bloomberg News acknowledged that it was targeted but said no computers were compromised.

While the Twitter post does not mention China or blame the hacks on any specific country or group, it does mention the news organization hacks.

"This attack was not the work of amateurs, and we do not believe it was an isolated incident. The attackers were extremely sophisticated, and we believe other companies and organizations have also been recently similarly attacked," said Lord.

A quarter-million accounts is a small segment of Twitter's 200 million monthly active users worldwide. However the company offers tips for all of its users going forward, including using strong passwords that mix numbers and symbols with upper- and lowercase letters, not using the same password for multiple accounts, and disabling Java.

end quote from: