Just a day after an intermittent outage disrupted Twitter services, the micro-blogging website has sent out emails to around 250,000 users warning them that their accounts may have been compromised in the last week.
Twitter wrote in its blog that it detected ‘unusual access patterns that led to us identifying unauthorized access attempts to Twitter user data.’ The company has claimed that it managed to detect and shut down a live attack within moments but its investigation had indicated that the attackers may have found limited user information.
Twitter wrote that the hackers could have had access to usernames, email addresses, session tokens and encrypted/salted versions of passwords for approximately 250,000 users. As a precautionary measure, Twitter sent out emails to these users letting them know that the site had reset their passwords and revoked security tokens for their accounts. All these users will have to create new passwords to access their accounts.
Reset your passwords
While Twitter has downplayed the possibility that the hacking could have been related to the widespread outage that affected users of the micro-blogging site, it has ominously drawn parallels with the hacking of US-based news websites earlier this week.
“As you may have read, there’s been a recent uptick in large-scale security attacks aimed at U.S. technology and media companies. Within the last two weeks, the New York Times and Wall Street Journal have chronicled breaches of their systems, and Apple and Mozilla have turned off Java by default in their browsers,” Twitter noted.
Twitter also went on to echo the advisory from the U.S. Department of Homeland Security and security experts who have asked users to disable Java in their browsers. Apple has ended up blocking the Java Web plugin for the second time this year after an earlier attempt to patch a critical vulnerability was found to have not fixed the issue. The plugin could still be exploited despite Oracle putting security mechanisms in place. Threats to Internet security have been alarmingly high in the past week and Twitter emphasised this over justifying resetting thousands of passwords.
“This attack was not the work of amateurs, and we do not believe it was an isolated incident. The attackers were extremely sophisticated, and we believe other companies and organizations have also been recently similarly attacked,” read the blog. “For that reason we felt that it was important to publicize this attack while we still gather information, and we are helping government and federal law enforcement in their effort to find and prosecute these attackers to make the Internet safer for all users.”
Twitter seems to be having a rather rocky start to the new year, with controversies and security issues following it. While there have been intermittent outages on the micro-blogging website, it has also found itself in Apple’s bad books. Twitter’s new video tweet app, Vine, which has been available exclusively through the Apple App Store, has been plagued with pornographers who have been uploading clips in the app’s short, looping video format. While Apple has maintained a stoic distance from this issue, Twitter has urged users to flag inappropriate content to help it censor these clips.