Twitter acts fast to change logins after it admits its security was broken by sophisticated hackers
Twitter warned on Friday that usernames, email addresses, session tokens and “encrypted/salted” versions of passwords were accessed without authorisation. It has reset passwords of those affected, notifying users via email.
The hack came to light in a week of breach disclosures. China has been blamed for hits on various US media organisations, including the New York Times and the Wall Street Journal, who claimed they were being spied on because of their coverage of the Asian nation.
“We detected unusual access patterns that led to us identifying unauthorized access attempts to Twitter user data. We discovered one live attack and were able to shut it down in process moments later,” said Bob Lord, director of information security at Twitter, in a blog post.
“This attack was not the work of amateurs, and we do not believe it was an isolated incident. The attackers were extremely sophisticated, and we believe other companies and organisations have also been recently similarly attacked.
“For that reason we felt that it was important to publicise this attack while we still gather information, and we are helping government and federal law enforcement in their effort to find and prosecute these attackers to make the Internet safer for all users.”
The social networking giant offered some basic security advice for users, including disabling Java in browsers and using different, complex passwords for separate Internet accounts.
Twitter has not offered any more information on the nature of the attack or who it believes was behind it following a TechWeekEurope request for comment.