Add Twitter to the list of this week’s high-profile hacks. On Friday afternoon, Twitter joined the ranks of recently compromised sites like The New York Times and The Wall Street Journal, disclosing that as many as a quarter of a million Twitter accounts may have been compromised in the intrusion. In a blog post, Twitter describes the breach:
“We discovered one live attack and were able to shut it down in process moments later. However, our investigation has thus far indicated that the attackers may have had access to limited user information – usernames, email addresses, session tokens and encrypted/salted versions of passwords – for approximately 250,000 users.”
Affected users can expect to receive an email from Twitter, though the company encourages all users to use this week as a reminder to practice good “password hygiene” by tweaking their Twitter password if it isn’t up to snuff (or making a new one even if it is). It’s always a good idea to mix things up, so be sure to sprinkle in a generous dose of alt-caps, numbers and symbols if you’ve been betting the farm on “Password123” all this time.
“This attack was not the work of amateurs, and we do not believe it was an isolated incident,” Twitter said in the blog post. “The attackers were extremely sophisticated, and we believe other companies and organizations have also been recently similarly attacked.”
While Twitter is remaining mum for the time being on the specifics of the hack, it alluded to a known vulnerability in Java and instructed users to disable Java immediately. We’d suggest you do the same.