Twitter says hackers compromise 250K accounts

Feb 02, 2013 by Terry Collins
In this Sept. 14, 2010 file photo, Twitter CEO Evan Williams makes a presentation about changes to the social network at Twitter headquarters in San Francisco, In the latest online attack, Twitter says hackers may have gained access to information on 250,000 of its more than 200 million active users, Friday, Feb. 1, 2013. (AP Photo/Marcio Jose Sanchez, File)

Twitter confirmed Friday that it had become the latest victim in a number of high-profile cyber-attacks against media companies, saying that hackers may have gained access to information on 250,000 of its more than 200 million active users.

The social said in a blog posting that earlier this week it detected attempts to gain access to its user data. It shut down one attack moments after it was detected.

But it discovered that the attackers may have stolen user names, email addresses and belonging to 250,000 users. Twitter reset the pilfered passwords and sent emails advising affected users.

The online attack comes on the heels of recent hacks into the computer systems of U.S. media and , including The and The . Both American newspapers reported this week that their computer systems had been infiltrated by China-based hackers, likely to monitor the deems important.

China has been accused of mounting a widespread, aggressive cyber-spying campaign for several years, trying to steal classified information and corporate secrets and to intimidate critics. The Chinese could not be reached for comment Saturday, but the Chinese government has said those accusations are baseless and that China itself is a victim of cyber-attacks.

"Chinese law forbids hacking and any other actions that damage Internet security," the Chinese recently said. "The Chinese military has never supported any hacking activities."

Although Twitter said in its blog that the attack "was not the work of amateurs, and we do not believe it was an isolated incident."

"The attackers were extremely sophisticated, and we believe other companies and organizations have also been recently similarly attacked," the blog said. "For that reason we felt that it was important to publicize this attack while we still gather information, and we are helping government and federal law enforcement in their effort to find and prosecute these attackers to make the Internet safer for all users."

One expert said that the Twitter hack probably happened after an employee's home or work computer was compromised through vulnerabilities in Java, a commonly used computing language whose weaknesses have been well publicized.

Ashkan Soltani, an independent privacy and security researcher, said such a move would give attackers "a toehold" in Twitter's internal network, potentially allowing them either to sniff out user information as it traveled across the company's system or break into specific areas, such as the authentication servers that process users' passwords.

In a telephone interview Friday, Soltani said that the relatively small number of users affected suggested either that attackers weren't on the network long or that they were only able to compromise a subset of the company's servers.

Twitter is generally used to broadcast messages to the public, so the hacking might not immediately have yielded any important secrets. But the stolen credentials could be used to eavesdrop on private messages or track which Internet address a user is posting from.

That might be useful, for example, for an authoritarian regime trying to keep tabs on a journalist's movements.

"More realistically, someone could use that as an entry point into another service," Soltani said, noting that since few people bother using different passwords for different services, a password stolen from Twitter might be just as handy for reading a journalist's emails.

Explore further: Twitter rules out Turkey office amid tax row

5 /5 (1 vote)
add to favorites email to friend print save as pdf

Related Stories

NY Times says Chinese hacked paper's computers (Update)

Jan 31, 2013

Chinese hackers repeatedly penetrated The New York Times' computer systems over the past four months, stealing reporters' passwords and hunting for files on an investigation into the wealth amassed by the family of a top ...

Google adds warning of 'state-sponsored attacks'

Jun 06, 2012

(AP) — Google said Wednesday that it has added a feature to warn users whose accounts it believes are targets of "state-sponsored attacks," but the Internet giant did not cite a specific government.

Recommended for you

Twitter rules out Turkey office amid tax row

8 hours ago

Social networking company Twitter on Wednesday rejected demands from the Turkish government to open an office there, following accusations of tax evasion and a two-week ban on the service.

How does false information spread online?

11 hours ago

Last summer the World Economic Forum (WEF) invited its 1,500 council members to identify top trends facing the world, including what should be done about them. The WEF consists of 80 councils covering a wide range of issues including social media. Members come ...

User comments : 0

More news stories

Freight train industry to miss safety deadline

The U.S. freight railroad industry says only one-fifth of its track will be equipped with mandatory safety technology to prevent most collisions and derailments by the deadline set by Congress.

Microsoft CEO is driving data-culture mindset

(Phys.org) —Microsoft's future strategy: is all about leveraging data, from different sources, coming together using one cohesive Microsoft architecture. Microsoft CEO Satya Nadella on Tuesday, both in ...

IBM posts lower 1Q earnings amid hardware slump

IBM's first-quarter earnings fell and revenue came in below Wall Street's expectations amid an ongoing decline in its hardware business, one that was exasperated by weaker demand in China and emerging markets.

Down's chromosome cause genome-wide disruption

The extra copy of Chromosome 21 that causes Down's syndrome throws a spanner into the workings of all the other chromosomes as well, said a study published Wednesday that surprised its authors.

Ebola virus in Africa outbreak is a new strain

The Ebola virus that has killed scores of people in Guinea this year is a new strain—evidence that the disease did not spread there from outbreaks in some other African nations, scientists report.