2013 is already starting to be a ripe year for security breaches, with Twitter today reporting that their security systems were breached and information for around 250,000 accounts may have been accessed. Twitter's Director of Information Security Bob Lord says that usernames, email addresses, session tokens and encrypted/salted passwords were potentially accessed, but nothing more serious than that.
As Twitter's stored passwords were encrypted, there's little chance that the hackers could reveal the actual plaintext passwords, but as a "precautionary security measure" Twitter has reset the passwords and revoked session tokens for all affected accounts. If yours was one of the 250,000 accounts affected, you should shortly receive an email informing you that you'll need to create a new password; the affected accounts are a very small percentage of overall users, so most users shouldn't expect to receive an email.
The good news is that Twitter managed to discover the attack while it was in the process of accessing unauthorized data, meaning they could shut it down before more data was accessed. Bob Lord believes that the attack was "not the work of amateurs" nor an "isolated incident", instead saying that the attackers were extremely sophisticated, and that other organizations may have been attacked by similar methods recently.
Twitter is currently working with law enforcement agencies to try to find the people responsible for this recent attack, while also reminding people (once again) to disable Java on their computers.