Twitter and Washington Post targeted by hackers

 

Social media giant Twitter is among the latest US companies to acknowledge that it is among a growing list of victims of Internet security attacks, saying that hackers may have gained access to information on 250,000 of its more than 200 million active users. And now, The Washington Post is joining the chorus, saying that it discovered that it was the target of a sophisticated cyberattack in 2011.

Twitter said a blog post on Friday it detected attempts to gain access to its user data earlier in the week. It shut down one attack moments after it was detected.

But Twitter discovered that the attackers may have stolen user names, email addresses and encrypted passwords belonging to 250,000 users they describe as 'a very small percentage of our users.“

Nonetheless, the company reset the pilfered passwords and sent emails advising the affected users.

The online attack comes on the heels of recent hacks into the computer systems of US media and technology companies, including The New York Times and The Wall Street Journal. Both American newspapers reported this week that their computer systems had been infiltrated by China-based hackers, likely to monitor media coverage the Chinese government deems important.

On Friday, The Washington Post disclosed in an article published on its website that it was the target of a sophisticated cyberattack, which was discovered in 2011. The company's spokeswoman, Kris Coratti, didn't offer any details including the duration of the attack or the origins. But according to sources that the paper quoted, who it said spoke on condition of anonymity, the intruders gained access as early as 2008 or 2009.

The cyberattack was first reported by an independent cybersecurity blog on Friday.

“Like other companies in the news recently, we face cybersecurity threats,” Coratti was quoted as saying. “We have a number of security measures in place to guard against cyberattacks on an ongoing basis.”

According to Coratti's comments made to the newspaper, the company worked with security company Mandiant to “detect, investigate and remediate the situation promptly at the end of 2011.”

Coratti couldn't be reached immediately for comment by The Associated Press.

China has been accused of mounting a widespread, aggressive cyber-spying campaign for several years, trying to steal classified information and corporate secrets and to intimidate critics. The Chinese foreign ministry could not be reached for comment, but the Chinese government has said those accusations are baseless and that China itself is a victim of cyber-attacks.

“Chinese law forbids hacking and any other actions that damage Internet security,” the Chinese Defense Ministry recently said. “The Chinese military has never supported any hacking activities.”

Twitter's director of information security, Bob Lord, said in the blog that the attack “was not the work of amateurs, and we do not believe it was an isolated incident.”

“The attackers were extremely sophisticated, and we believe other companies and organizations have also been recently similarly attacked,” Lord said. “For that reason we felt that it was important to publicise this attack while we still gather information, and we are helping government and federal law enforcement in their effort to find and prosecute these attackers to make the Internet safer for all users.”

One expert said that the Twitter hack probably happened after an employee's home or work computer was compromised through vulnerabilities in Java, a commonly used computing language whose weaknesses have been well publicized.

Ashkan Soltani, an independent privacy and security researcher, said such a move would give attackers “a toehold” in Twitter's internal network, potentially allowing them either to sniff out user information as it traveled across the company's system or break into specific areas, such as the authentication servers that process users' passwords.

The relatively small number of users affected suggested either that attackers weren't on the network long or that they were only able to compromise a subset of the company's servers, Soltani said.

Twitter is generally used to broadcast messages to the public, so the hacking might not immediately have yielded any important secrets. But the stolen credentials could be used to eavesdrop on private messages or track which Internet address a user is posting from.

That might be useful, for example, for an authoritarian regime trying to keep tabs on a journalist's movements.

“More realistically, someone could use that as an entry point into another service,” Soltani said, noting that since few people bother using different passwords for different services, a password stolen from Twitter might be just as handy for reading a journalist's emails.

Life and Style
ebookNow available in paperback
ebooks
ebookPart of The Independent’s new eBook series The Great Composers
Arts and Entertainment
Larry David and Rosie Perez in ‘Fish in the Dark’
theatreReview: Had Fish in the Dark been penned by a civilian it would have barely got a reading, let alone £10m advance sales
News
Details of the self-cleaning coating were published last night in the journal Science
science
News
Approved Food sell products past their sell-by dates at discounted prices
i100
News
Life-changing: Simone de Beauvoir in 1947, two years before she wrote 'The Second Sex', credited as the starting point of second wave feminism
peopleHer seminal feminist polemic, The Second Sex, has been published in short-form to mark International Women's Day
News
i100
Latest stories from i100
Have you tried new the Independent Digital Edition apps?
Independent Dating
and  

By clicking 'Search' you
are agreeing to our
Terms of Use.

ES Rentals

    iJobs Job Widget
    iJobs Gadgets & Tech

    Recruitment Genius: Digital Marketing Executive

    £18000 - £20000 per annum: Recruitment Genius: A Digital Marketing Executive i...

    Ashdown Group: Senior VMware Platform Engineer - VMware / SAN / Tier3 DC

    £45000 - £55000 per annum + benefits: Ashdown Group: Senior VMware Platform En...

    Ashdown Group: Automated Tester / Test Analyst - .Net / SQL - Cheshire

    £32000 per annum + pension, healthcare & 23 days holiday: Ashdown Group: A gro...

    Ashdown Group: Application Developer - C#.Net, ASP.Net - Cambridgeshire

    Negotiable: Ashdown Group: Software Application Developer (C# & ASP.Net, SQL S...

    Day In a Page

    Homeless Veterans campaign: Donations hit record-breaking £1m target after £300,000 gift from Lloyds Bank

    Homeless Veterans campaign

    Donations hit record-breaking £1m target after huge gift from Lloyds Bank
    Flight MH370 a year on: Lost without a trace – but the search goes on

    Lost without a trace

    But, a year on, the search continues for Flight MH370
    Germany's spymasters left red-faced after thieves break into brand new secret service HQ and steal taps

    Germany's spy HQ springs a leak

    Thieves break into new €1.5bn complex... to steal taps
    International Women's Day 2015: Celebrating the whirlwind wit of Simone de Beauvoir

    Whirlwind wit of Simone de Beauvoir

    Simone de Beauvoir's seminal feminist polemic, 'The Second Sex', has been published in short-form for International Women's Day
    Mark Zuckerberg’s hiring policy might suit him – but it wouldn’t work for me

    Mark Zuckerberg’s hiring policy might suit him – but it wouldn’t work for me

    Why would I want to employ someone I’d be happy to have as my boss, asks Simon Kelner
    Confessions of a planespotter: With three Britons under arrest in the UAE, the perils have never been more apparent

    Confessions of a planespotter

    With three Britons under arrest in the UAE, the perils have never been more apparent. Sam Masters explains the appeal
    Russia's gulag museum 'makes no mention' of Stalin's atrocities

    Russia's gulag museum

    Ministry of Culture-run site 'makes no mention' of Stalin's atrocities
    The big fresh food con: Alarming truth behind the chocolate muffin that won't decay

    The big fresh food con

    Joanna Blythman reveals the alarming truth behind the chocolate muffin that won't decay
    Virginia Ironside was my landlady: What is it like to live with an agony aunt on call 24/7?

    Virginia Ironside was my landlady

    Tim Willis reveals what it's like to live with an agony aunt on call 24/7
    Paris Fashion Week 2015: The wit and wisdom of Manish Arora's exercise in high camp

    Paris Fashion Week 2015

    The wit and wisdom of Manish Arora's exercise in high camp
    8 best workout DVDs

    8 best workout DVDs

    If your 'New Year new you' regime hasn’t lasted beyond February, why not try working out from home?
    Paul Scholes column: I don't believe Jonny Evans was spitting at Papiss Cissé. It was a reflex. But what the Newcastle striker did next was horrible

    Paul Scholes column

    I don't believe Evans was spitting at Cissé. It was a reflex. But what the Newcastle striker did next was horrible
    Miguel Layun interview: From the Azteca to Vicarage Road with a million followers

    From the Azteca to Vicarage Road with a million followers

    Miguel Layun is a star in Mexico where he was criticised for leaving to join Watford. But he says he sees the bigger picture
    Frank Warren column: Amir Khan ready to meet winner of Floyd Mayweather v Manny Pacquiao

    Khan ready to meet winner of Mayweather v Pacquiao

    The Bolton fighter is unlikely to take on Kell Brook with two superstar opponents on the horizon, says Frank Warren
    War with Isis: Iraq's government fights to win back Tikrit from militants - but then what?

    Baghdad fights to win back Tikrit from Isis – but then what?

    Patrick Cockburn reports from Kirkuk on a conflict which sectarianism has made intractable