The recent scare in security attacks targeted at large US tech and media firms, such as the New York Times and the Wall Street Journal, determined how vulnerable everyone is from cybercriminals.
Earlier this week, Twitter spotted strange access patterns that were illicit attempts to access the micro-blogging sites’ user data.
Twitter said it found a live attack and shut it down, but further investigation revealed that the attackers may have accessed limited user information from around 250,000 users, including usernames, email addresses, session IDs, and encrypted versions of passwords.
The site’s security team reset passwords and canceled tokens for the accounts, as a safety measure.
According to an official blog post by Bob Lord, director of Information Security at Twitter, the team already sent an email to owners of affected accounts and notified them to create a new password after it revoked the previous one.
Lord says that while only a small portion of Twitter users were likely hit, the firm urges everyone to grab the chance to maintain the proper way of handling passwords, not only on Twitter but also on other websites.
A strong password usually has at least 10 characters – more is better – and is a combination of uppercase and lowercase letters, numbers, and symbols that is exclusive to a single online account, such as Twitter.
Reusing the password for several online accounts will multiply the risks of compromising your security on the Internet.
Lord urges all Twitter users to practice good password hygiene and take a few minutes of their time to create a new password.
Security experts and the US Department of Homeland Security are urging users to disable Java on their computers’ web browsers.
Lord says the series of attacks aimed at large US firms are the work of professionals and is not an isolated case.
He believes that the attackers were very sophisticated and that other companies and organizations were victims of a similar attack.
While Twitter found it important to inform the public about the incident and gather more information, it has teamed up with the government’s law enforcement agencies to hunt and take legal action against the attackers for a safer Internet.