SecurityWorkspace

Twitter Hacked – 250,000 User Passwords Potentially Pilfered

Tom Brewster is TechWeek Europe's Security Correspondent. He has also been named BT Information Security Journalist of the Year in 2012 and 2013.

Google + Linkedin Subscribe to our newsletter Write a comment

Twitter acts fast to change logins after it admits its security was broken by sophisticated hackers

Micro-blogging giant Twitter has revealed its systems were hacked, resulting in the compromise of 250,000 user logins.

Twitter warned on Friday that usernames, email addresses, session tokens and “encrypted/salted” versions of passwords were accessed without authorisation. It has reset passwords of those affected, notifying users via email.

The hack came to light in a week of breach disclosures. China has been blamed for hits on various US media organisations, including the New York Times and the Wall Street Journal, who claimed they were being spied on because of their coverage of the Asian nation.

Twitter securityTwitter hacked

“We detected unusual access patterns that led to us identifying unauthorized access attempts to Twitter user data. We discovered one live attack and were able to shut it down in process moments later,” said Bob Lord, director of information security at Twitter, in a blog post.

“This attack was not the work of amateurs, and we do not believe it was an isolated incident. The attackers were extremely sophisticated, and we believe other companies and organisations have also been recently similarly attacked.

“For that reason we felt that it was important to publicise this attack while we still gather information, and we are helping government and federal law enforcement in their effort to find and prosecute these attackers to make the Internet safer for all users.”

The social networking giant offered some basic security advice for users, including disabling Java in browsers and using different, complex passwords for separate Internet accounts.

Twitter has not offered any more information on the nature of the attack or who it believes was behind it following a TechWeekEurope request for comment.

Are you a security expert? Try our quiz!