Following last week’s high-profile attacks on the New York Times, the Wall Street Journal and others, the latest victim is one of the world’s top social networking sites, Twitter.
On Friday afternoon Twitter began sending emails to some users warning them that their accounts “may have been compromised by a website or service not associated with Twitter.”
Twitter’s director of information security, Bob Lord, added in a blog post that approximately 250,000 users may have had their session tokens and passwords accessed by hackers, though the passwords were in an encrypted form that may yet prevent them from being used. Stealing a user’s session token, a hash key that spares the user from re-entering their password every time they access a web service, could potentially allow a hacker access to the user’s account.
As a precautionary security measure, Twitter has reset the passwords of these compromised accounts and revoked their session tokens. An email is being sent to all compromised accounts notifying them that they will need to create a new password the next time they log in to Twitter.
“This attack was not the work of amateurs, and we do not believe it was an isolated incident,” Lord writes. “The attackers were extremely sophisticated, and we believe other companies and organizations have also been recently similarly attacked.”
What measures can you take to safeguard your Twitter account?
- Change your Twitter password immediately – set a complex password, preferably more than 10 characters long
- Disable Java in your browser
- Make sure you are accessing the secure website of Twitter when you log in – your browser should show “https://twitter.com” before you log in
- Avoid using websites or services that promise to get you thousands of Followers
Meanwhile, Twitter says it’s working to track down the hackers responsible for the breach. “We felt that it was important to publicize this attack while we still gather information, and we are helping government and federal law enforcement in their effort to find and prosecute these attackers to make the Internet safer for all users.”