Today Twitter announced that it has detected suspicious patterns related to unauthorized attempts to access Twitter user data. In a nutshell, hackers breached Twitter this week and may have obtained access to authentication credentials and other information for as many as 250,000 user accounts.
Bob Lord, Director of Information Security at Twitter, wrote in a blog post:
“We discovered one live attack and were able to shut it down in process moments later. However, our investigation has thus far indicated that the attackers may have had access to limited user information – usernames, email addresses, session tokens and encrypted/salted versions of passwords – for approximately 250,000 users.”
Twitter responded promptly to the incident, first disclosing the breach publicly to protect its users, then resetting passwords and revoking session tokens for the compromised accounts.
“As a precautionary security measure, we have reset passwords and revoked session tokens for these accounts. If your account was one of them, you will have recently received (or will shortly) an email from us at the address associated with your Twitter account notifying you that you will need to create a new password. Your old password will not work when you try to log in to Twitter.”
Who is behind the attack?
According to Twitter’s security experts there is no doubt: we are facing a structured cyber attack conducted by professionals. Bob Lord commented:
“This attack was not the work of amateurs, and we do not believe it was an isolated incident. The attackers were extremely sophisticated, and we believe other companies and organizations have also been recently similarly attacked.”
There is no detailed information on the attack, and neither the extent of the data exposed nor which of Twitter’s systems were compromised is clear. Twitter’s blog post indicates that the attackers exploited a zero-day vulnerability in Oracle’s Java software.
Of course, many assumptions are circulating on the Internet. The most interesting suggests that the principal press agencies and social media platforms are subject to state-sponsored offensives for the purpose of cyber espionage.
Social media platforms manage a huge quantity of information, which is why they are a privileged target for hackers. Following the revelation of the attacks on the New York Times network, Chinese hackers seem to be the prime suspects.
We must be aware that the frequency of similar attacks will increase over time. US Secretary of State Hillary Clinton said on Thursday that there has been an increase in hacking attacks on both state institutions and private companies, so a different security approach is necessary to defend cyber assets.
Bob Lord also invited Twitter users to adopt an effective password policy:
“we encourage all users to take this opportunity to ensure that they are following good password hygiene, on Twitter and elsewhere on the Internet. Make sure you use a strong password – at least 10 (but more is better) characters and a mixture of upper- and lowercase letters, numbers, and symbols – that you are not using for any other accounts or sites. Using the same password for multiple online accounts significantly increases your odds of being compromised.”