Twitter: More than 250K user accounts have been compromised

Summary:Following several other high-profile attacks this week, Twitter confirms that hackers had access to personal data for more than 250,000 of its users.

Twitter confirmed late on Friday afternoon that it has experienced a major security breach -- compromising personal data for more than 250,000 user accounts.

So far, the social networking giant has reported one attack, which it affirmed it has since resolved.

See also:
HP execs debate reality of hacker expertise; lament most businesses don't understand

But the long-term damage remains to be seen. Twitter admitted that attackers might have had access to at least some personal data -- specifically usernames, email addresses, session tokens and encrypted/salted versions of passwords.

The San Francisco-based company said that it has already notified these users via email while also resetting their passwords as a precautionary measure.

Bob Lord, director of information security at Twitter, revealed more about the severity of the situation in a blog post today.

Here is an excerpt:

This attack was not the work of amateurs, and we do not believe it was an isolated incident. The attackers were extremely sophisticated, and we believe other companies and organizations have also been recently similarly attacked. For that reason we felt that it was important to publicize this attack while we still gather information, and we are helping government and federal law enforcement in their effort to find and prosecute these attackers to make the Internet safer for all users.

While Lord did not offer more information about a specific culprit, he did link to reports pointing toward an "uptick in large-scale security attacks aimed at U.S. technology and media companies" -- specifically The New York Times and The Wall Street Journal.

He also referenced the firestorm around security vulnerabilities in the latest version of Java, citing recommendations from the U.S. Department of Homeland Security as well as the fact that both Apple and Mozilla have turned off Java by default in their respective Safari and Firefox browsers.

Topics: Security, Mobility, Social Enterprise, Developer


Rachel King is a staff writer for CBS Interactive based in San Francisco, covering business and enterprise technology for ZDNet, CNET and SmartPlanet. She has previously worked for The Business Insider,, CNN's San Francisco bureau and the U.S. Department of State. Rachel has also written for, Irish Americ... Full Bio

zdnet_core.socialButton.googleLabel Contact Disclosure

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Related Stories

The best of ZDNet, delivered

You have been successfully signed up. To sign up for more newsletters or to manage your account, visit the Newsletter Subscription Center.
Subscription failed.