Twitter: More than 250K user accounts have been compromised

Summary: Following several other high-profile attacks this week, Twitter confirms that hackers had access to personal data for more than 250,000 of its users.

Twitter confirmed late on Friday afternoon that it has experienced a major security breach -- compromising personal data for more than 250,000 user accounts.

So far, the social networking giant has reported one attack, which it said has since been resolved.

But the long-term damage remains to be seen. Twitter admitted that attackers might have had access to at least some personal data -- specifically usernames, email addresses, session tokens and encrypted/salted versions of passwords.

The San Francisco-based company said that it has already notified these users via email while also resetting their passwords as a precautionary measure.

Bob Lord, director of information security at Twitter, revealed more about the severity of the situation in a blog post today.

Here is an excerpt:

This attack was not the work of amateurs, and we do not believe it was an isolated incident. The attackers were extremely sophisticated, and we believe other companies and organizations have also been recently similarly attacked. For that reason we felt that it was important to publicize this attack while we still gather information, and we are helping government and federal law enforcement in their effort to find and prosecute these attackers to make the Internet safer for all users.

While Lord did not offer more information about a specific culprit, he did link to reports pointing toward an "uptick in large-scale security attacks aimed at U.S. technology and media companies" -- specifically The New York Times and The Wall Street Journal.

He also referenced the firestorm around security vulnerabilities in the latest version of Java, citing recommendations from the U.S. Department of Homeland Security as well as the fact that both Apple and Mozilla have turned off Java by default in their respective Safari and Firefox browsers.

Talkback

6 comments
  • Rough week for Twitter

    First the over capacity issues, now a giant breach....I read on bitsblog that stolen passwords go for about $20 on the black market - side eye - seems high. (I guess b/c I use throw away passwords, so breaches are pretty...moot.)
    ashleythurston
    • The breach happened at the time of "capacity"/"overload" issue -- it was ..

      ... the same thing
      DDERSSS
  • That is funny

    Twatter = digital diarrhea of the mouth.
    JeveSobs
    • Twitter is merely a cough...

      What you describe is more akin to Facebelch...
      HypnoToad72
  • Tweet this

    #your hacked, HAHA.

    Twitter, an application for the mentally challenged.
    Alan Smithie
  • Oh, no!

    And just exactly how am I going to know what Jessica Simpson had for breakfast?
    shoutout