Twitter Says 250,000 Accounts Possibly Compromised
These do not look like random attacks. The attacks on The New York Times and The Wall Street Journal were targeted at journalists who had written about China. According to the newspapers' analysis, the Chinese hackers compromised university computers in the United States and then used those computers to facilitate the actual attacks on the journalists.
The attack on Twitter has affected approximately 250,000 accounts, including my account, @waynedixon. Twitter has stated that it noticed some unusual activity on the affected accounts. The information the hackers obtained from Twitter includes usernames (already public), email addresses (woohoo, more spam!), session tokens and encrypted/salted passwords. Twitter has also sent emails to the affected users stating that their old passwords will no longer work.
Besides myself, here are some other users who have been affected by this attack. They include Joel Housman (@JoelHousman), John Siracusa (@Siracusa), Clint Ecker (@clint), Jacqui Chang (@ejacqui), David Chartier (@Chartier), Rafe Needleman (@Rafe) and even the password manager 1Password (@1Password).
There is one common thread among these Twitter users: they are all early adopters. All of these users joined Twitter between 2006 and April 2007. This is strictly conjecture, and I do not have any specific evidence other than tweets from these users. Twitter has not shared any specific details about the attack, except for what the attackers may have obtained.
With the increase in cyber attacks on sites and users, using a password manager like 1Password or a similar application lets you store your passwords safely and use a unique, random, cryptographically secure password for each of your services. I recommend this because the frequency and sophistication of attacks is only going to increase, not decrease.
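To make the two halves of that advice concrete, here is an added example (not code from this post, 1Password or Twitter) showing what a password manager does on the client side and what "encrypted/salted passwords" means on the server side: passwords are drawn from the OS CSPRNG, their entropy is computed from the alphabet size, and each user's password is stored as a salted PBKDF2-HMAC-SHA256 digest so that two users who happen to share a password get unrelated hashes. The function names, the 20-character default length and the 200,000 iteration count are assumptions chosen for this example.

```python
from __future__ import annotations

import hashlib
import hmac
import math
import secrets
import string

# Character classes; the union is the 94 printable ASCII characters excluding space.
LOWER, UPPER, DIGITS, SYMBOLS = (
    string.ascii_lowercase,
    string.ascii_uppercase,
    string.digits,
    string.punctuation,
)
ALPHABET = LOWER + UPPER + DIGITS + SYMBOLS

# Assumed parameters for this example (not values from the post).
DEFAULT_LENGTH = 20
PBKDF2_ITERATIONS = 200_000


def generate_password(length: int = DEFAULT_LENGTH) -> str:
    """Return a random password from the OS CSPRNG (the `secrets` module).

    Rejection sampling keeps only candidates containing at least one character
    from every class, which matches the usual "mixture" rule; for lengths of
    12 or more the entropy lost to rejection is negligible.
    """
    if length < 4:
        raise ValueError("length must allow one character from each class")
    while True:
        candidate = "".join(secrets.choice(ALPHABET) for _ in range(length))
        if all(any(c in cls for c in candidate) for cls in (LOWER, UPPER, DIGITS, SYMBOLS)):
            return candidate


def entropy_bits(length: int, alphabet_size: int = len(ALPHABET)) -> float:
    """Entropy in bits of a uniformly random password: log2(alphabet_size ** length)."""
    return length * math.log2(alphabet_size)


def hash_password(password: str, salt: bytes | None = None) -> tuple[bytes, bytes]:
    """Salted PBKDF2-HMAC-SHA256 digest; a fresh 16-byte salt is drawn per user.

    Only (salt, digest) is stored. Because the salt differs per user, identical
    passwords produce different digests, so a leaked table does not reveal who
    reused a password and cannot be attacked with a single precomputed table.
    """
    if salt is None:
        salt = secrets.token_bytes(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, PBKDF2_ITERATIONS)
    return salt, digest


def verify_password(password: str, salt: bytes, expected: bytes) -> bool:
    """Recompute the digest with the stored salt and compare in constant time."""
    _, digest = hash_password(password, salt)
    return hmac.compare_digest(digest, expected)


if __name__ == "__main__":
    # Constructed demo: two users choose the same password; the stored digests differ.
    pw = generate_password()
    print(f"generated password: {pw}  (~{entropy_bits(len(pw)):.1f} bits)")
    salt_a, digest_a = hash_password("correct horse battery staple")
    salt_b, digest_b = hash_password("correct horse battery staple")
    print("digests differ:", digest_a != digest_b)
    print("verify ok:", verify_password("correct horse battery staple", salt_a, digest_a))
```

The entropy figure is what makes the "unique and random" recommendation measurable: a 10-character password over this alphabet is about 65 bits, and each additional character adds about 6.5 bits, so a manager-generated 20-character password is far outside what an attacker can brute-force from a leaked salted digest.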
This week, we detected unusual access patterns that led to us identifying unauthorized access attempts to Twitter user data. We discovered one live attack and were able to shut it down in process moments later. However, our investigation has thus far indicated that the attackers may have had access to limited user information – usernames, email addresses, session tokens and encrypted/salted versions of passwords – for approximately 250,000 users.
As a precautionary security measure, we have reset passwords and revoked session tokens for these accounts. If your account was one of them, you will have recently received (or will shortly) an email from us at the address associated with your Twitter account notifying you that you will need to create a new password. Your old password will not work when you try to log in to Twitter.
Though only a very small percentage of our users were potentially affected by this attack, we encourage all users to take this opportunity to ensure that they are following good password hygiene, on Twitter and elsewhere on the Internet. Make sure you use a strong password – at least 10 (but more is better) characters and a mixture of upper- and lowercase letters, numbers, and symbols – that you are not using for any other accounts or sites. Using the same password for multiple online accounts significantly increases your odds of being compromised. If you are not using good password hygiene, take a moment now to change your Twitter passwords. For more information about making your Twitter and other Internet accounts more secure, read our Help Center documentation or the FTC’s guide on passwords.
We also echo the advisory from the U.S. Department of Homeland Security and security experts to encourage users to disable Java on their computers. For instructions on how to disable Java, read this recent Slate article.
This attack was not the work of amateurs, and we do not believe it was an isolated incident. The attackers were extremely sophisticated, and we believe other companies and organizations have also been recently similarly attacked. For that reason we felt that it was important to publicize this attack while we still gather information, and we are helping government and federal law enforcement in their effort to find and prosecute these attackers to make the Internet safer for all users.
Posted by Bob Lord (@boblord)
Director of Information Security
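The two precautionary measures Twitter describes above, resetting passwords and revoking session tokens for the affected accounts, can be illustrated with a small session store. This is an added example, not Twitter's code, and it assumes an in-memory table keyed by the SHA-256 of the token (so a leaked copy of the table cannot be replayed as live sessions) plus a set of accounts that must complete a password reset before any new session is issued; the class and method names are invented for the example.

```python
from __future__ import annotations

import hashlib
import secrets
import time
from dataclasses import dataclass, field


@dataclass
class Session:
    user: str
    issued_at: float


class PasswordResetRequired(Exception):
    """Raised when an account flagged in a breach response tries to log in without resetting."""


def _token_key(token: str) -> str:
    # Store only a hash of the bearer token; the raw token exists only in the user's client.
    return hashlib.sha256(token.encode("utf-8")).hexdigest()


@dataclass
class SessionStore:
    """Assumed in-memory session table for the example (a real service would persist it)."""

    sessions: dict[str, Session] = field(default_factory=dict)
    reset_required: set[str] = field(default_factory=set)

    def issue(self, user: str) -> str:
        """Issue a fresh unguessable token (32 bytes from the OS CSPRNG)."""
        if user in self.reset_required:
            raise PasswordResetRequired(user)
        token = secrets.token_urlsafe(32)
        self.sessions[_token_key(token)] = Session(user, time.time())
        return token

    def authenticate(self, token: str) -> str | None:
        """Return the user behind a token, or None if it is unknown or revoked."""
        session = self.sessions.get(_token_key(token))
        return session.user if session else None

    def respond_to_breach(self, affected_users: set[str]) -> int:
        """Revoke every live session of the affected accounts and force a password reset.

        Returns the number of sessions revoked. Revoking by user, not by token,
        matters because the leaked data included session tokens the service
        never sees again in a form it could match individually.
        """
        doomed = [key for key, s in self.sessions.items() if s.user in affected_users]
        for key in doomed:
            del self.sessions[key]
        self.reset_required |= affected_users
        return len(doomed)

    def complete_password_reset(self, user: str) -> None:
        """Called once the user has set a new password; new sessions may be issued again."""
        self.reset_required.discard(user)


if __name__ == "__main__":
    # Constructed scenario: three users, two of them in the affected set.
    store = SessionStore()
    t_alice = store.issue("alice")
    t_bob = store.issue("bob")
    t_carol = store.issue("carol")
    print("revoked:", store.respond_to_breach({"alice", "bob"}))
    print("alice token still valid:", store.authenticate(t_alice) is not None)
    print("carol token still valid:", store.authenticate(t_carol) is not None)
```

Revoking sessions is the step that closes the window immediately: a password reset alone would leave any stolen session token usable until it expired, which is why the announcement lists both actions.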