Twitter passwords hacked on 250,000 accounts

Cyber-attack is the latest in a line of high-profile hackings

James Legge
Saturday 02 February 2013 09:11
Comments
A suspect used Twitter to stream police negotiations
A suspect used Twitter to stream police negotiations

Tens of thousands of Twitter users, including the BBC's technology correspondent, have had their accounts hacked.

In a blog post, staff at the micro-blogging website said that earlier this week it interrupted attempts to access user data, and that attackers stole 250,000 users' login names, email addresses and encrypted passwords.

It shut down one attack moments after it was detected.

Twitter reset the compromised passwords and sent emails informing affected users.

One of those users was Rory Cellan-Jones, a journalist who covers technology for the BBC.

The attack follows other high-profile hacking attacks, inlcluding China-based hackers' inflitrating computer systems at The New York Times and The Wall Street Journal, and Anonymous's hijack of the US Sentencing Commission's website.

Twitter said in its blog that the attack "was not the work of amateurs, and we do not believe it was an isolated incident".

"The attackers were extremely sophisticated, and we believe other companies and organisations have also been recently similarly attacked.

"For that reason we felt that it was important to publicise this attack while we still gather information, and we are helping government and federal law enforcement in their effort to find and prosecute these attackers to make the internet safer for all users."

One expert said that the Twitter hack probably happened after an employee's home or work computer was compromised through vulnerabilities in Java, a commonly used computing language whose weaknesses have been well publicized.

Ashkan Soltani, an independent privacy and security researcher, told Associated Press such a move would give attackers "a toehold" in Twitter's internal network, potentially allowing them either to sniff out user information as it traveled across the company's system or break into specific areas, such as the authentication servers that process users' passwords.

He said that the relatively small number of users affected suggested either that attackers were not on the network long or that they were only able to compromise a subset of the company's servers.

Bob Lord, Twitter's director of security, said: "We encourage all users to take this opportunity to ensure that they are following good password hygiene, on Twitter and elsewhere on the internet.

"Make sure you use a strong password – at least 10 (but more is better) characters and a mixture of upper- and lowercase letters, numbers, and symbols."

Register for free to continue reading

Registration is a free and easy way to support our truly independent journalism

By registering, you will also enjoy limited access to Premium articles, exclusive newsletters, commenting, and virtual events with our leading journalists

Please enter a valid email
Please enter a valid email
Must be at least 6 characters, include an upper and lower case character and a number
Must be at least 6 characters, include an upper and lower case character and a number
Must be at least 6 characters, include an upper and lower case character and a number
Please enter your first name
Special characters aren’t allowed
Please enter a name between 1 and 40 characters
Please enter your last name
Special characters aren’t allowed
Please enter a name between 1 and 40 characters
You must be over 18 years old to register
You must be over 18 years old to register
Opt-out-policy
You can opt-out at any time by signing in to your account to manage your preferences. Each email has a link to unsubscribe.

By clicking ‘Create my account’ you confirm that your data has been entered correctly and you have read and agree to our Terms of use, Cookie policy and Privacy notice.

This site is protected by reCAPTCHA and the Google Privacy policy and Terms of service apply.

Already have an account? sign in

By clicking ‘Register’ you confirm that your data has been entered correctly and you have read and agree to our Terms of use, Cookie policy and Privacy notice.

This site is protected by reCAPTCHA and the Google Privacy policy and Terms of service apply.

Register for free to continue reading

Registration is a free and easy way to support our truly independent journalism

By registering, you will also enjoy limited access to Premium articles, exclusive newsletters, commenting, and virtual events with our leading journalists

Already have an account? sign in

By clicking ‘Register’ you confirm that your data has been entered correctly and you have read and agree to our Terms of use, Cookie policy and Privacy notice.

This site is protected by reCAPTCHA and the Google Privacy policy and Terms of service apply.

Join our new commenting forum

Join thought-provoking conversations, follow other Independent readers and see their replies

Comments

Thank you for registering

Please refresh the page or navigate to another page on the site to be automatically logged inPlease refresh your browser to be logged in