You’ve been hacked?
The details of a quarter of a million (250,000) users were stolen from Twitter this week, including usernames, email addresses, session tokens and encrypted/salted versions of passwords. Twitter becomes the latest US media giant to admit to being hacked.
On Friday, February 01, 2013, Twitter announced in a blog post:
This week, we detected unusual access patterns that led to us identifying unauthorized access attempts to Twitter user data. We discovered one live attack and were able to shut it down in process moments later. However, our investigation has thus far indicated that the attackers may have had access to limited user information – usernames, email addresses, session tokens and encrypted/salted versions of passwords – for approximately 250,000 users.
Technology Producer Geoff White explains.
“This attack was not the work of amateurs, and we do not believe it was an isolated incident. The attackers were extremely sophisticated, and we believe other companies and organizations have also been recently similarly attacked. For that reason we felt that it was important to publicize this attack while we still gather information, and we are helping government and federal law enforcement in their effort to find and prosecute these attackers to make the Internet safer for all users.”
Other companies may be attacked also
Twitter’s post comes just two days after the New York Times reported it had been the target of a four-month campaign, which it blamed on the Chinese Government, which denied any involvement.
The Wall Street Journal also admitted it had been the target of electronic surveillance, which it blamed on “Chinese hackers believed to have government links”.
“As you may have read, there’s been a recent uptick in large-scale security attacks aimed at U.S. technology and media companies. Within the last two weeks, the New York Times and Wall Street Journal have chronicled breaches of their systems.”
Apple and Mozilla have turned off Java by default in their browsers.
Twitter takes action
“As a precautionary security measure, we have reset passwords and revoked session tokens for these accounts. If your account was one of them, you will have recently received (or will shortly) an email from us at the address associated with your Twitter account notifying you that you will need to create a new password. Your old password will not work when you try to log in to Twitter.” said Bob Lord.
How should Twitter users act now?
Bob Lord said: “Though only a very small percentage of our users were potentially affected by this attack, we encourage all users to take this opportunity to ensure that they are following good password hygiene, on Twitter and elsewhere on the Internet. Make sure you use a strong password – at least 10 (but more is better) characters and a mixture of upper- and lowercase letters, numbers, and symbols – that you are not using for any other accounts or sites. Using the same password for multiple online accounts significantly increases your odds of being compromised. If you are not using good password hygiene, take a moment now to change your Twitter passwords. For more information about making your Twitter and other Internet accounts more secure, read our Help Center documentation or the FTC’s guide on passwords.”
The Twitter hack seems to have relied on a weakness in Javascript, and internet users are advised to disable it immediately in their browsers.
“We also echo the advisory from the U.S. Department of Homeland Security and security experts to encourage users to disable Java on their computers in their browsers.”
What to do NOW?
- Even if you are not a Twitter user, disable Java support in your browser NOW.
- If you have a Twitter account, even if you are not told your details have been stolen, you might want to change your Twitter password. Do not click on password change links in emails (they may be directing you to fake websites). Instead, go directly to www.twitter.com to change your password.
- Change your password at other services if it was identical to your Twitter password. We encourage you to set a unique password for every service. Read our post to help you secure yourself online!
Read: How to disable Java in all browsers at once