Twitter said Friday that it had been attacked by "sophisticated" hackers who
had obtained email addresses and passwords of 250,000 users.
The popular social media site canceled passwords for the users and sent
them emails advising them how to create a new password.
The attack "was not the work of amateurs, and we do not believe it was an
isolated incident," said Bob Lord, director of security at Twitter, in the
blog post.
"The attackers were extremely sophisticated, and we believe other
companies and organizations have also been recently similarly attacked. For
that reason we felt that it was important to publicize this attack while we
still
gather information, and we are helping government and federal law
enforcement in their effort to find and prosecute these attackers to make the
Internet safer for all users."
The attack was spotted when Twitter security saw "unusual access
patterns" that showed someone making unauthorized attempts to access Twitter
user data, Lord reported.
"We discovered one live attack and were able to shut it down in process
moments later. However, our investigation has thus far indicated that the
attackers may have had access to limited user information -- user names, email
addresses, session tokens and encrypted/salted versions of passwords -- for
approximately 250,000 users."
Other news organizations have been attacked
recently. The New York Times disclosed a sophisticated attack it
attributed to Chinese-based hackers. The Wall Street Journal followed with a
report that it also had been attacked. Bloomberg has also been a target.
