Hackers have been unusually active lately. The LinkedIn hack of 2012 was a heavy blow to online security. And now it’s Twitter: the social networking giant detected unusual access patterns last week and publicized the incident in an announcement on its official blog.
According to the blog post, Twitter identified one live attack along with unauthorized attempts to access user data, and shut it down immediately. However, the investigation team found that the attackers probably had access to user data such as usernames, email addresses, encrypted passwords and session tokens for nearly 250,000 of Twitter’s 200 million active users. As a safety measure, Twitter has revoked the session tokens, reset the passwords believed to be stolen, and emailed the affected users asking them to create new ones.
“Though only a very small percentage of our users were potentially affected by this attack, we encourage all users to take this opportunity to ensure that they are following good password hygiene, on Twitter and elsewhere on the Internet. Make sure you use a strong password – at least 10 (but more is better) characters and a mixture of upper- and lowercase letters, numbers, and symbols – that you are not using for any other accounts or sites,” the blog advises.
This hack is one of the high-profile cyber attacks of recent times. “This attack was not the work of amateurs, and we do not believe it was an isolated incident. The attackers were extremely sophisticated, and we believe other companies and organizations have also been recently similarly attacked,” the blog said. “For that reason we felt that it was important to publicize this attack while we still gather information, and we are helping government and federal law enforcement in their effort to find and prosecute these attackers to make the Internet safer for all users.” People are blaming Java for this hack. According to an expert, the Twitter hack probably happened when an employee’s work or home computer was compromised through a vulnerability in Java. Like the U.S. Department of Homeland Security, Twitter recommends that users disable Java in their browsers.
According to Ashkan Soltani, an independent privacy and security researcher, the limited number of hacked accounts suggests that the attackers could not access the network for long, or that they could only crack a subset of the company’s servers. However, such an attack would allow them to gain access to Twitter’s internal network and to sensitive user information.
Because Twitter is a broadcasting platform, there might not be any secret data in store for attackers to make off with, but the stolen user information can be used to look into private messages or to track the IP addresses a user logs in from. “More realistically, someone could use that as an entry point into another service,” said Soltani. Since very few people bother to create different passwords for different services, passwords stolen from Twitter might let the attackers easily read users’ email inboxes. The New York Times and The Wall Street Journal also reported intrusions into their computer systems by China-based hackers last week. It’s time for users to take all possible security measures to protect their information online.
“If you are not using good password hygiene, take a moment now to change your Twitter password,” says the blog. “For more information about making your Twitter and other Internet accounts more secure, read our Help Center documentation or the FTC’s guide on passwords,” it adds; both are good resources for all netizens.