February 2, 2013 1:16 am

Twitter hit by ‘sophisticated’ hackers

A quarter of a million Twitter accounts may have been compromised in what the social networking company said was an “extremely sophisticated” hacking attack that may also have targeted other websites.

In a posting to its site late on Friday afternoon, Twitter said it had reset the passwords of 250,000 users after detecting “unauthorised attempts to access Twitter user data”.

The information involved included email addresses and encrypted versions of passwords. The attack appears to have affected many of Twitter’s earliest users, including some of the company’s investors and employees.

“This attack was not the work of amateurs, and we do not believe it was an isolated incident,” wrote Bob Lord, Twitter’s director of information security.

“The attackers were extremely sophisticated, and we believe other companies and organisations have also been recently similarly attacked.”

Affected users have been emailed with instructions to reset their passwords and warned to be vigilant for “phishing” attacks from emails or websites disguised to look like Twitter’s own.

Mr Lord referred to the recent vulnerability in Java, a widely used software plug-in, which was uncovered two weeks ago. The US Department of Homeland Security believed that the risks of Java exploits were so high that it recommended it be disabled in web browsers. Apple and Mozilla issued updates disabling Java in their browsers.

This week, The New York Times and The Wall Street Journal said they had been targeted by hacking attacks believed to have originated in China.

Oracle, which owns Java, on Friday issued a “critical patch update” for the software.

In a blog post, Oracle said it had decided to accelerate from a planned release in two weeks’ time because of an “active exploitation in the wild” of one of the vulnerabilities.

Mr Lord said Twitter had discovered “one live attack” in progress, which it was able to shut down “moments later”, a countermeasure which may have prevented more users from being affected.

He also reminded readers to use a strong password, with at least 10 characters – “more is better” – and a mixture of upper and lower-case characters, numbers and symbols.

“Using the same password for multiple online accounts significantly increases your odds of being compromised,” he said.

Twitter said its investigation into the attacks was continuing.

Related Topics

Copyright The Financial Times Limited 2015. You may share using our article tools.
Please don't cut articles from FT.com and redistribute by email or post to the web.


Sign up for email briefings to stay up to date on topics you are interested in