Feb. 02--Twitter said Friday that it had been attacked by "sophisticated" hackers who had obtained email addresses and passwords of 250,000 users.
The popular social media site canceled passwords for the users and sent out emails advising them how to create a new password. It said in a blog post that "only a very small percentage of our users were potentially affected by this attack."
The attack "was not the work of amateurs, and we do not believe it was an isolated incident," Bob Lord, director of information security at Twitter, said in the blog post.
"The attackers were extremely sophisticated, and we believe other companies and organizations have also
been recently similarly attacked. For that reason we felt that it was important to publicize this attack while we still gather information, and we are helping government and federal law enforcement in their effort to find and prosecute these attackers to make the Internet safer for all users."
The attack was spotted when Twitter security saw "unusual access patterns" that showed someone making unauthorized attempts to access Twitter user data, Lord reported.
"We discovered one live attack and were able to shut it down in process moments later. However, our investigation has thus far indicated that the attackers may have had access to limited user information -- user names, email addresses, session tokens and encrypted/salted
versions of passwords -- for approximately 250,000 users."
That many users is "a small drop in the bucket to a company the size of Twitter," said Rob Kraus, director of research at Solutionary, a Nebraska Internet security company. "I wouldn't consider that a tremendous breach compared to other things we've seen, but because it's Twitter it is going get a lot of notoriety."
He said he was concerned that when people respond to Twitter's email inviting them to change their accounts, they should be careful they aren't responding to a fake email that sends them to a dummy website to change their passwords. "By starting the password change process, you just got infected."
Contact Pete Carey at 408-920-5419 Follow him on Twitter.com/petecarey
(c)2013 the San Jose Mercury News (San Jose, Calif.)
Visit the San Jose Mercury News (San Jose, Calif.) at www.mercurynews.com
Distributed by MCT Information Services
Most Popular Stories
- James Foley Beheading Video Is Real Thing: White House
- McDonald's Packages Coffee for National Distribution
- Apple Stock Bounces Back Big Time
- Notes From the July FOMC Meeting
- Honda's Safe Approach Pays Off in Sales
- Castro-Blanco Joins Fifth Street Finance Board
- GE Healthcare Bringing Jobs to Massachusetts
- Ballmer Steps Down From Microsoft Board
- Target Slashes Annual Profit Outlook
- Google Kid Accounts Plan Raises Worries