Twitter has admitted that security details for up to 250,000 user accounts, including email addresses, usernames and passwords, were stolen by sophisticated hackers this week.
Having detected suspicious activity and repeated unauthorised access attempts, Twitter discovered one live attack, which it promptly shut down. However, the attack was not stopped before user information was stolen, including encrypted versions of user passwords.
Bob Lord, Director of Information Security for Twitter, admitted the security breach in a blog post today. He explained that “our investigation has thus far indicated that the attackers may have had access to limited user information … for approximately 250,000 users”, adding that the attack was “extremely sophisticated” and conducted by a professional hacker, or group of hackers.
Twitter has reset passwords for the compromised accounts and sent emails to all those thought to be affected. Bob Lord also suggests that all Twitter users ensure they use strong passwords for their accounts and do not use the same password for more than one account. “Make sure you use a strong password – at least 10 (but more is better) characters and a mixture of upper- and lowercase letters, numbers, and symbols – that you are not using for any other accounts or sites,” he advises.
The admission follows a scare that up to 55,000 user account details were stolen in 2012, although Twitter confirmed that it had not been compromised on that occasion. To date, successful attempts to steal Twitter user data were restricted to phishing scams where users would divulge usernames and passwords on spoof Twitter sites. This is the first occasion that Twitter has admitted that personal data has been directly hacked.
Suspicion for the weakness that led to the theft appears to point towards users having Java enabled in their browsers. Apple and Mozilla both recently disabled Java by default in their browsers, Safari and Firefox respectively. The finger pointing also follows advice from U.S. Department of Homeland Security experts encouraging users to disable Java in browsers. Java is used in billions of devices worldwide, from personal computers to mobile phones and TVs.
With over 500 million existing accounts and 400 million tweets being sent a day, Twitter is one of the biggest and most active social networks in the world. The 250,000 Twitter users compromised in the hack account for less than 0.05% of all Twitter users.
If you would like to disable Java in your browsers, instructions for all browsers can be found on the Java.com website.