Twitter Admits Attackers Breached Security, Stole User Data


The recent wave of security attacks targeting large US tech and media firms, such as the New York Times and the Wall Street Journal, showed how vulnerable everyone is to cybercriminals.

In the last two weeks of January, the NYT and the WSJ reported breaches in their security systems, and Apple and Mozilla quickly disabled support for Java in Safari and Firefox web browsers.

Earlier this week, Twitter spotted strange access patterns that turned out to be illicit attempts to access the micro-blogging site’s user data.

Twitter said it found a live attack and shut it down, but further investigation revealed that the attackers may have accessed limited user information for around 250,000 users, including usernames, email addresses, session IDs, and encrypted versions of passwords.

The site’s security team reset passwords and canceled tokens for the accounts as a safety measure.


Featured image by JoshSemans / Flickr (CC)

According to an official blog post by Bob Lord, director of Information Security at Twitter, the team already sent an email to owners of affected accounts and notified them to create a new password after it revoked the previous one.

Lord says that while only a small portion of Twitter users were likely hit, the firm urges everyone to take the opportunity to follow good password practices, not only on Twitter but also on other websites.

A strong password usually has at least 10 characters – more is better – combines uppercase and lowercase letters, numbers, and symbols, and is used for only a single online account, such as Twitter.

Reusing a password across several online accounts multiplies the risk of compromising your security on the Internet.

Lord urges all Twitter users to practice good password hygiene and take a few minutes of their time to create a new password.

While Twitter’s Help Center already provides enough information about taking care of your Twitter and online accounts, the Federal Trade Commission also has its own guide to keep passwords secure.

Security experts and the US Department of Homeland Security are urging users to disable Java on their computers’ web browsers.

Lord says the series of attacks aimed at large US firms is the work of professionals and is not an isolated case.

He believes that the attackers were very sophisticated and that other companies and organizations were victims of a similar attack.

Twitter found it important to inform the public about the incident and gather more information, and it has teamed up with government law enforcement agencies to hunt down and take legal action against the attackers for a safer Internet.

Author: Francis Rey Balolong

A coffee junkie who spends most of his time writing about the latest news on social media and mobile technology. I would definitely consider myself a nerd (in the coolest most hipster way possible). That being said, I love technology, music, writing, and all things mobile.
