Last week, hackers gained access to Twitter’s internal systems and stole information, compromising 250,000 accounts. In a blog post on Friday, Twitter announced that it had recorded some unusual access patterns that were identified as unauthorized access attempts to Twitter user data. Twitter reportedly shut down the attack quickly, but revealed that the attackers gained access to a limited set of user information such as usernames, email addresses, session tokens and encrypted/salted versions of passwords.
Is this the work of Chinese Hackers?
The online attack comes on the heels of recent hacks into the computer systems of US media and technology companies, including The New York Times and The Wall Street Journal. Both American newspapers reported that their computer systems had been infiltrated by China-based hackers. While articles and blogs are speculating that the Twitter attack may have been related to other recent attacks by China-based hackers, Twitter did not state this directly. It did, however, reference the recent attacks against The New York Times and The Wall Street Journal. PCMag published a slide show on 10 Targets Hit by Chinese Hackers.
According to @boblord, “This attack was not the work of amateurs, and we do not believe it was an isolated incident. The attackers were extremely sophisticated, and we believe other companies and organizations have also been recently similarly attacked. For that reason we felt that it was important to publicize this attack while we still gather information, and we are helping government and federal law enforcement in their effort to find and prosecute these attackers to make the Internet safer for all users.”
Twitter protecting its users
Twitter has reset the passwords and revoked the session tokens of the impacted accounts. Lord urges all users to use good password hygiene across the internet and to reset their Twitter passwords as well.
Good password hygiene
- At least 10 characters
- Mixture of upper- and lower-case letters, symbols and numbers
- Only use each password for one site
For more information on good password hygiene, read Dan’s advice for creating strong passwords.
Twitter did not specify the method hackers used to penetrate its system, but mentioned vulnerabilities related to Java in Safari and Firefox, and echoed Homeland Security’s advisory that users disable Java in their browsers.
Update: Some media portals have also incorrectly linked this attack to the hacktivist group Anonymous; Twitter itself has nowhere mentioned anything about who the attacker is.