Twitter admitted today that their service had been hit by a “sophisticated” attack, and a large swath of user data for more than 250,000 users had been compromised.
The Twitter hack was disclosed by the microblogging service in a blog post late Friday, which first noted a reported uptick in intentional security breaches in recent weeks. In the blog post, Twitter goes on to admit:
“This week, we detected unusual access patterns that led to us identifying unauthorized access attempts to Twitter user data. We discovered one live attack and were able to shut it down in process moments later. However, our investigation has thus far indicated that the attackers may have had access to limited user information – usernames, email addresses, session tokens and encrypted/salted versions of passwords – for approximately 250,000 users.”
The post goes on to explain how Twitter is dealing with the hack, beginning with the security measures taken to protect compromised users and their data:
“As a precautionary security measure, we have reset passwords and revoked session tokens for these accounts. If your account was one of them, you will have recently received (or will shortly) an email from us at the address associated with your Twitter account notifying you that you will need to create a new password. Your old password will not work when you try to log in to Twitter.”
At the end of the post, which is titled, “Keeping our users secure,” Twitter suggests the hack was not an isolated incident, and further warns social service users across the board to expect future attacks.
Twitter seems to insinuate that their decision to go public in such a detailed fashion has something to do with a pattern of security breaches that does not affect Twitter alone:
“This attack was not the work of amateurs, and we do not believe it was an isolated incident. The attackers were extremely sophisticated, and we believe other companies and organizations have also been recently similarly attacked. For that reason we felt that it was important to publicize this attack while we still gather information, and we are helping government and federal law enforcement in their effort to find and prosecute these attackers to make the Internet safer for all users.”
In the wake of the Twitter hack, the service recommends disabling Java in all browsers.