Twitter confirmed late on Friday afternoon that it has experienced a major security breach -- compromising personal data for more than 250,000 user accounts.
So far, the social networking giant has reported one attack, which it affirmed it has since resolved.
But the long-term damage remains to be seen. Twitter admitted that attackers might have had access to at least some personal data -- specifically usernames, email addresses, session tokens and encrypted/salted versions of passwords.
The San Francisco-based company said that it has already notified these users via email while also resetting their passwords as a precautionary measure.
Bob Lord, director of information security at Twitter, revealed more about the severity of the situation in a blog post today.
Here is an excerpt:
This attack was not the work of amateurs, and we do not believe it was an isolated incident. The attackers were extremely sophisticated, and we believe other companies and organizations have also been recently similarly attacked. For that reason we felt that it was important to publicize this attack while we still gather information, and we are helping government and federal law enforcement in their effort to find and prosecute these attackers to make the Internet safer for all users.
While Lord did not offer more information about a specific culprit, he did link to reports pointing toward an "uptick in large-scale security attacks aimed at U.S. technology and media companies" -- specifically The New York Times and The Wall Street Journal.
He also referenced the firestorm around security vulnerabilities in the latest version of Java, citing recommendations from the U.S. Department of Homeland Security as well as the fact that both Apple and Mozilla have turned off Java by default in their respective Safari and Firefox browsers.