Twitter joins growing list of media websites to be hacked – 250k accounts compromised

3 Feb 2013

It emerged over the weekend that as many as 250,000 Twitter accounts may have been compromised in a hacker attack. Twitter joins a growing array of major sites to be attacked in recent days, including The New York Times, The Wall Street Journal and the Washington Post.

As a result of the attacks, Apple and Mozilla have turned off Java by default in their respective Safari and Firefox browsers.

Twitter admitted that hackers may have accessed the usernames, email addresses and other information contained in the 250,000 users' accounts.

“This week, we detected unusual access patterns that led to us identifying unauthorised access attempts to Twitter user data,” the company said in its blog.

“We discovered one live attack and were able to shut it down in process moments later. However, our investigation has thus far indicated that the attackers may have had access to limited user information – usernames, email addresses, session tokens and encrypted/salted versions of passwords – for approximately 250,000 users.

“As a precautionary security measure, we have reset passwords and revoked session tokens for these accounts. If your account was one of them, you will have recently received (or will shortly) an email from us at the address associated with your Twitter account notifying you that you will need to create a new password. Your old password will not work when you try to log in to Twitter,” the social media site said.

During the week, The New York Times said it had been attacked consistently in the past four months by hackers it believes have been operating out of China and have broken into employees’ email accounts.

Just a day after The New York Times said it had been attacked, The Wall Street Journal said it is also the victim of sustained cyber attacks from hackers who had broken into its network through computers in its Beijing bureau.

The Washington Post and Bloomberg are also understood to be under cyber attack.

Twitter hack suggests new heightened form of attack

Sophos Naked Security blogger Graham Cluley said the attacks on Twitter deviate from the norm.

“Normally, attacks are against individual accounts with the intention of spreading diet spam or malicious links, rather than against Twitter’s systems themselves.”

Cluley also said he doesn’t see a link yet between the attacks emanating from China and elsewhere on the major media brands.

“Although Twitter referenced the recent high-profile attacks on newspapers, they haven’t explicitly said that they believe China hacked Twitter or presented any evidence to suggest that.

“If Twitter has any information that does point a finger of suspicion towards China (such as if dissident or human rights Twitter accounts were targeted) they haven’t shared that with the media.”

Cluley said users should always use passwords that are neither easy to guess nor dictionary words.

“Make it as long as possible, and use a mixture of upper and lower-case letters, numbers and special characters.”


John Kennedy is a journalist who served as editor of Silicon Republic for 17 years
