Twitter hacked, 250,000 users affected

Twitter hacked, 250,000 users affected

Summary: Twitter has just reported that earlier this week, it was a victim of a successful compromise of its systems, resulting in the "limited access" to user information, including usernames, email addresses, session tokens, and encrypted/salted passwords.

SHARE:
TOPICS: Security
5

Twitter has just reported that earlier this week, it was a victim of a successful compromise of its systems, resulting in the "limited access" to user information, including usernames, email addresses, session tokens, and encrypted/salted passwords, affecting approximately 250,000 users.

More details:

This week, we detected unusual access patterns that led to us identifying unauthorized access attempts to Twitter user data. We discovered one live attack and were able to shut it down in process moments later. However, our investigation has thus far indicated that the attackers may have had access to limited user information – usernames, email addresses, session tokens and encrypted/salted versions of passwords – for approximately 250,000 users. As a precautionary security measure, we have reset passwords and revoked session tokens for these accounts. If your account was one of them, you will have recently received (or will shortly) an email from us at the address associated with your Twitter account notifying you that you will need to create a new password. Your old password will not work when you try to log in to Twitter.

According to Bob Lord, Twitter's Director of Information Security, the attack was the work of professionals, and Twitter is actively cooperating with law enforcement in an attempt to prevent further damage caused by these attackers.

What can you do to protect your Twitter account? Ensure that in case you receive a password-reset email from Twitter, it indeed points to Twitter's domain, as opportunistic cybercriminals could easily start impersonating Twitter, and mass mail millions of emails in an attempt to gain access to your account. If you do receive a password-reset email from Twitter, ensure  that you're using a strong password, and that you've changed it from a malware-free host.

Find out more about Dancho Danchev at his LinkedIn profile.

Topic: Security

Dancho Danchev

About Dancho Danchev

Dancho Danchev is an independent security consultant and cyber threats analyst, with extensive experience in open source intelligence gathering, malware and cybercrime incident response.

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Talkback

5 comments
Log in or register to join the discussion
  • Yeah

    Twitter Sucks Anyway.
    slickjim
  • Tips to protect yourself if a part of a data breach

    This is a fantastic article for those interested in identity safety on the Internet and social media!


    https://idcuffs.com/blog/tweet-tweet-your-twitter-account-is-hacked-and-your-identity-is-stolen-what-next/
    TheIDChannel
  • Usually I am against security breach hacking of user data

    But since Twitter and those who use it are the stupidest most annoying thing ever, bravo!!

    Nobody is interesting enough to fo0llow around, and even as a marketing tool, which is all it really is now, it is annoying.
    TrishaDishaWarEagle
    • not sure why it upsets you so much

      All you have to do is not use it, problem solved.
      frylock
  • appalled not upset

    If you ever had to monitor internet access of users in a business and saw how many hits were generated by the likes of twitter, Facebook etc. you would be appalled, not just upset!
    itisgone