    Twitter Resets 250,000 User Passwords After Cyber-Attack

    By Brian Prince - February 5, 2013

      Twitter was forced to reset the passwords of 250,000 of its users after it discovered that hackers breached the social network’s security.

      Twitter disclosed on Feb. 1 that it had detected unusual access patterns that ultimately led to the identification of unauthorized attempts to access user data. This led to the discovery of a live attack that the company was able to shut down moments later.

      But Twitter’s investigation into the incident led the company to believe that the attackers may have had limited access to user information, including usernames, email addresses, session tokens and encrypted/salted versions of passwords, for 250,000 users.

      As a precautionary measure, Twitter sent an email to the owners of the affected accounts and then reset their passwords and revoked their session tokens.

      “A crook who steals your salted-and-hashed password can make educated, offline guesses at your password by trying out popular passwords (at great speed on modern password cracking kit), but if you have chosen a decent password, will probably get nowhere,” blogged Paul Ducklin, head of technology for Asia-Pacific at Sophos. “On the other hand, a crook who steals your session token can, in theory, take over your account, at least until he or you next log off.”

      “By revoking your token unilaterally, Twitter will cause only minor annoyance to you (you will have to type in your password again) but create a major headache for any session hijacker (who will, if you have chosen well, be unable to enter your password to get back in),” he added.

      According to a blog post by Bob Lord, Twitter’s director of information security, only a small percentage of users were potentially affected by the attack. Still, users are encouraged to use this as an opportunity to follow good password hygiene on the Web.

      “Make sure you use a strong password—at least 10 (but more is better) characters and a mixture of upper- and lowercase letters, numbers and symbols – that you are not using for any other accounts or sites,” Lord blogged. “Using the same password for multiple online accounts significantly increases your odds of being compromised.”

      With its announcement, Twitter added its name to a list of high-profile companies in the news late last week for being targeted in attacks. That list included The New York Times, The Wall Street Journal and The Washington Post. According to reports, many attribute the newspaper hacks to Chinese espionage. While Lord referenced the attacks against the papers in his blog post, he did not specifically link the Twitter attack to Chinese hackers.

      “This attack was not the work of amateurs and we do not believe it was an isolated incident,” Lord blogged. “The attackers were extremely sophisticated, and we believe other companies and organizations have also been recently similarly attacked. For that reason we felt that it was important to publicize this attack while we still gather information, and we are helping government and federal law enforcement in their effort to find and prosecute these attackers to make the Internet safer for all users.”

      Twitter has been hit by serious cyber-attacks in the past. Hackers accessed at least 45 accounts between January and May of 2009, which prompted a Federal Trade Commission investigation that resulted in a settlement in which the company agreed to implement more rigorous security measures.
